Framework

framework

Vendor: Zend • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2015-0270 1Zend 1Framework Nov 21, 2024 Oct 25, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has Potential SQL injection in PostgreSQL Zend\Db adapter.
CVE-2011-3825 1Zend 2Framework Server Apr 29, 2026 Sep 24, 2011 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Zend Framework 1.11.3 in Zend Server CE 5.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Valid...Show more Zend Framework 1.11.3 in Zend Server CE 5.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Validate.php and certain other files.Show less
CVE-2009-4417 1Zend 1Framework Apr 23, 2026 Dec 24, 2009 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The shutdown function in the Zend_Log_Writer_Mail class in Zend Framework (ZF) allows context-dependent attackers to send arbitrary e-mail messages to any recipient address via vectors related to "events not yet mailed."