zendframework/zendframework1
Packagist
14 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting zendframework/zendframework1
- CVE-2012-3363 | CRITICAL | CVSS 9.1 | ✓ Fixed in 1.12.0 | 2013-02-13
Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference i…
- CVE-2012-5657 | NONE | CVSS 0.0 | ✓ Fixed in 1.12.1 | 2013-05-02
vulnerable: 1.12.0
The (1) Zend_Feed_Rss and (2) Zend_Feed_Atom classes in Zend_Feed in Zend Framework 1.11.x before 1.11.15 and 1.12.x before 1.12.1 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a…
- CVE-2012-6531 | NONE | CVSS 0.0 | ✓ Fixed in 1.12.0 | 2013-02-13
(1) Zend_Dom, (2) Zend_Feed, and (3) Zend_Soap in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow remote attackers to read arbitrary files or create TCP connections vi…
- CVE-2012-6532 | NONE | CVSS 0.0 | ✓ Fixed in 1.12.0 | 2013-02-13
(1) Zend_Dom, (2) Zend_Feed, (3) Zend_Soap, and (4) Zend_XmlRpc in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 allow remote attackers to cause a denial of service (CPU consumption) via recursive or circular references in an …
- CVE-2014-2681 | NONE | CVSS 0.0 | ✓ Fixed in 1.12.4 | 2014-11-16
vulnerable: 1.12.0, 1.12.1, 1.12.2, 1.12.3
Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzur…
- CVE-2014-2682 | NONE | CVSS 0.0 | ✓ Fixed in 1.12.4 | 2014-11-16
vulnerable: 1.12.0, 1.12.1, 1.12.2, 1.12.3
Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzur…
- CVE-2014-2683 | NONE | CVSS 0.0 | ✓ Fixed in 1.12.4 | 2014-11-16
vulnerable: 1.12.0, 1.12.1, 1.12.2, 1.12.3
Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzur…
- CVE-2014-8088 | NONE | CVSS 0.0 | ✓ Fixed in 1.12.9 | 2014-10-22
vulnerable: 1.12.0 ... 1.12.8 (9 versions)
The (1) Zend_Ldap class in Zend before 1.12.9 and (2) Zend\Ldap component in Zend 2.x before 2.2.8 and 2.3.x before 2.3.3 allows remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthen…
- CVE-2014-8089 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 1.12.9 | 2020-02-17
vulnerable: 1.12.0 ... 1.12.8 (9 versions)
SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte.
- CVE-2015-3154 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 1.12.12 | 2020-01-27
vulnerable: 1.12.0 ... 1.12.9 (12 versions)
CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF …
- CVE-2015-5161 | NONE | CVSS 0.0 | EG 0.0 | ✓ Fixed in 1.12.14 | 2015-08-25
vulnerable: 1.12.0 ... 1.12.9 (14 versions)
The Zend_Xml_Security::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and co…
- CVE-2015-5723 | HIGH | CVSS 7.8 | EG 7.8 | ✓ Fixed in 1.12.16 | 2016-06-07
vulnerable: 1.12.0 ... 1.12.9 (16 versions)
Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writa…
- CVE-2015-7695 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 1.12.16 | 2016-06-07
vulnerable: 1.12.0 ... 1.12.9 (16 versions)
The PDO adapters in Zend Framework before 1.12.16 do not filter null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands via a crafted query.
- CVE-2016-6233 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 1.12.19 | 2017-02-17
vulnerable: 1.12.0 ... 1.12.9 (19 versions)
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\w]* in a regular expression.