Vulnerabilities > Zend > Zend Framework > 2.3.5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-01-27 | CVE-2015-3154 | Injection vulnerability in Zend Framework CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email. | 4.3 |
2017-06-08 | CVE-2015-1786 | Cross-Site Request Forgery (CSRF) vulnerability in Zend Framework Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf in Zend Framework 2.3.x before 2.3.6 via null or malformed token identifiers. | 6.8 |
2016-12-30 | CVE-2016-10034 | Command Injection vulnerability in Zend Zend-Mail and Zend Framework The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address. | 7.5 |
2016-06-07 | CVE-2015-5723 | Permissions, Privileges, and Access Controls vulnerability in multiple products Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code. | 7.8 |
2015-08-25 | CVE-2015-5161 | XML External Entity Injection vulnerability in Multiple Zend Products The Zend_Xml_Security::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity (XXE) and XML entity expansion (XEE) attacks via multibyte encoded characters. network zend | 6.8 |