Vulnerability Database

318,250

Total vulnerabilities in the database

Vulnerabilities for products matching "zendframework"

Found 1 matching product.

You can search for specific versions with /product/zendframework/1.2.3

Composer icon

zendframework / zendframework

14 vulnerabilities found
Title Severity Exploit Date Affected Version
Zendframework URL Rewrite vulnerability
Medium June 7, 2024 6/7/24
< 2.5.0
ZendFramework vulnerable to Cross-site Scripting
Medium June 7, 2024 6/7/24
>= 2.0.0 < 2.0.1
ZendFramework potential remote code execution in zend-mail via Sendmail adapter
Medium June 7, 2024 6/7/24
>= 2.0.0 < 2.4.11
ZendFramework Potential Proxy Injection Vulnerabilities
Medium June 7, 2024 6/7/24
>= 2.0.0 < 2.0.5
ZendFramework Information Disclosure and Insufficient Entropy vulnerability
Medium June 7, 2024 6/7/24
>= 2.0.0 < 2.4.9
ZendFramework SQL injection due to execution of platform-specific SQL containing interpolations
High June 7, 2024 6/7/24
>= 2.0.0 < 2.0.8
>= 2.1.0 < 2.1.4
Zendframework vulnerable to XXE/XEE attacks
Critical June 7, 2024 6/7/24
>= 2.1.0 < 2.1.6
>= 2.2.0 < 2.2.6
ZendFramework Potential Information Disclosure and Insufficient Entropy vulnerabilities
High June 7, 2024 6/7/24
>= 2.0.0 < 2.0.8
>= 2.1.0 < 2.1.4
Zendframework session validation vulnerability
Medium June 7, 2024 6/7/24
>= 2.0.0 < 2.2.9
>= 2.3.0 < 2.3.4
ZendFramework Route Parameter Injection Via Query String in `Zend\Mvc`
High June 7, 2024 6/7/24
>= 2.0.0 < 2.0.8
>= 2.1.0 < 2.1.4
Zendframework has potential Cross-site Scripting vector in multiple view helpers
Medium June 7, 2024 6/7/24
>= 2.0.0 < 2.2.7
>= 2.3.0 < 2.3.1
Zendframework Remote Address Spoofing Vector in `Zend\Http\PhpEnvironment\RemoteAddress`
High June 7, 2024 6/7/24
>= 2.2.0 < 2.2.5
CVE-2021-3007
Critical January 4, 2021 1/4/21
<= 3.0.0
CVE-2014-8089
Critical February 17, 2020 2/17/20
>= 2.0.0 < 2.0.99
>= 2.1.0 < 2.1.99
>= 2.2.0 < 2.2.8
>= 2.3.0 < 2.3.3