CVE-2020-8986 - Improper Check for Unusual or Exceptional Conditions vulnerability in Zend Zendto

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Tags: network, low complexity, zend, CWE-754

Summary

lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta failed to properly check for equality when validating the session cookie, allowing an attacker to gain administrative access with a large number of requests.

Vulnerable Configurations

Part         Description  Count
Application  Zend         123