6 matches found

CVE
added 2017/12/29 2:29 p.m. | 200 views

CVE-2014-4914

The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle parentheses, which allows remote attackers to conduct SQL injection attacks via unspecified vectors.

CVSS 9.8 | AI score 7.9 | EPSS 0.03436

CVE
added 2017/02/17 2:59 a.m. | 76 views

CVE-2016-4861

The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation.

CVSS 9.8 | AI score 9.6 | EPSS 0.03977

CVE
added 2017/02/17 2:59 a.m. | 61 views

CVE-2016-6233

The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\w]* in a regular expression.

CVSS 9.8 | AI score 9.4 | EPSS 0.01724

CVE
added 2017/10/10 4:29 p.m. | 45 views

CVE-2015-7503

Zend Framework before 2.4.9, zend-framework/zend-crypt 2.4.x before 2.4.9, and 2.5.x before 2.5.2 allows remote attackers to recover the RSA private key.

CVSS 7.5 | AI score 7.3 | EPSS 0.00249

CVE
added 2017/08/07 5:29 p.m. | 40 views

CVE-2015-1555

Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3.x before 2.3.4 allows remote attackers to create valid sessions without using session validators.

CVSS 9.1 | AI score 9.1 | EPSS 0.00289

CVE
added 2017/06/08 9:29 p.m. | 37 views

CVE-2015-1786

Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf in Zend Framework 2.3.x before 2.3.6 via null or malformed token identifiers.

CVSS 8.8 | AI score 8.7 | EPSS 0.00113