7 matches found
MAL-2025-34467 Malicious code in tangerine-zf1-project (npm)
The package tangerine-zf1-project was found to contain malicious code...
Malicious code in tangerine-zf1-project (npm)
The package tangerine-zf1-project was found to contain malicious code...
Zendframework1 Potential SQL injection in ORDER and GROUP functions
The implementation of ORDER BY and GROUP BY in Zend_Db_Select remained prone to SQL injection when a combination of SQL expressions and comments were used. This security patch provides a comprehensive solution that identifies and removes comments prior to checking validity of the statement to ensur...
XML External Entity (XXE)
plesk/zf1 is vulnerable to XML external entity (XXE). The library does not properly encode the !ENTITY string in the heuristicScan function in Security.php when threading is enabled during the byte order mark (BOM) detection, allowing a malicious user to exploit this flaw by providing multibyte XML string or...
Potential SQL injection in ORDER and GROUP functions of ZF1
More info at https://framework.zend.com/security/advisory/ZF2016-03...
Potential Insufficient Entropy Vulnerability in ZF1
More info at https://framework.zend.com/security/advisory/ZF2016-01...
CVE-2014-2683
CVE-2014-2683 affects Zend Framework components (ZF1 < 1.12.4; ZF2 < 2.1.6,