Improper input validation in Zend Zend_framework

CVE-2012-6531

(1) Zend_Dom, (2) Zend_Feed, and (3) Zend_Soap in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow remote attackers to read arbitrary files or create TCP connections vi…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.009 (76.1th percentile) — read the EPSS interpretation.

Affected products

Zend Zend_framework — versions 1.0.4, 1.5.0, 1.5.1
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

[oss-security] 20120627 Re: XXE in Zend (mailing-list, x_refsource_MLIST)
DSA-2505 (vendor-advisory, x_refsource_DEBIAN)
[oss-security] 20120626 Re: XXE in Zend (mailing-list, x_refsource_MLIST)
[oss-security] 20120626 XXE in Zend (mailing-list, x_refsource_MLIST)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
cve@mitre.org (x_refsource_MISC)