Remote Code Execution vuln in Zend Framework 3.0.0

Overview :
Remote Code Execution vuln in Zend Framework 3.0.0
Affected Product(s) :
  • Zend Framework 3.0.0
Vulnerability Details :
CVE ID : CVE-2021-3007
Zend Framework 3.0.0 has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the __destruct method of the Zend\Http\Response\Stream class in Stream.php. NOTE: the code may be related to Laminas Project laminas-http. Zend Framework is no longer supported by the maintainer. However, not all Zend Framework 3.0.0 vulnerabilities exist in a Laminas Project release.

Solution :

Upgrade to latest version.

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2022-27535 : KASPERSKY VPN SECURE CONNECTION UP TO 21.5 ON WINDOWS DENIAL OF SERVICE

CVE-2022-27535 : KASPERSKY VPN SECURE CONNECTION UP TO 21.5 ON WINDOWS DENIAL OF SERVICE

Description Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of

CVE-2022-32965 : OMICARD EDM HARD-CODED CREDENTIALS

CVE-2022-32965 : OMICARD EDM HARD-CODED CREDENTIALS

Description OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized

CVE-2022-34619 : MEALIE 0.5.5 SHOPPING LISTS ITEM NAMES CROSS SITE SCRIPTING

CVE-2022-34619 : MEALIE 0.5.5 SHOPPING LISTS ITEM NAMES CROSS SITE SCRIPTING

Description A stored cross-site scripting (XSS) vulnerability in Mealie v0.5.5 allows attackers to execute arbitrary web scripts or HTML via