Zendframwork is vulnerable to session validation bypass. If the session validator is set up prior to the start of a session, it will not have any validator metadata attached, causing the application to rebuild the metadata and mark the current session as valid.
CPE | Name | Operator | Version |
---|---|---|---|
zendframework/zendframework | le | 2.2.8 | |
zendframework/zendframework | le | 2.3.3 |