Vulnerabilities > Zend > Zend Framework > 1.11.0

DATE CVE VULNERABILITY TITLE RISK
2013-02-13 CVE-2012-6531 Improper Input Validation vulnerability in Zend Framework
(1) Zend_Dom, (2) Zend_Feed, and (3) Zend_Soap in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack, a different vulnerability than CVE-2012-3363.
network
low complexity
zend CWE-20
6.4
6.4
2013-02-13 CVE-2012-3363 XXE vulnerability in multiple products
Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack.
network
low complexity
zend fedoraproject debian CWE-611
critical
 9.1
9.1