Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/zendframework/zendframework1@1.12.13

Type composer

Namespace zendframework

Name zendframework1

Version 1.12.13

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.12.20

Latest_non_vulnerable_version 1.12.20

Affected_by_vulnerabilities

url VCID-2ncq-wptr-k3ha

vulnerability_id VCID-2ncq-wptr-k3ha

summary

SQL Injection
Potential SQL injection vector using null byte for PDO (MsSql, SQLite).

references

reference_url	https://framework.zend.com/security/advisory/ZF2015-08
reference_id
reference_type
scores
url	https://framework.zend.com/security/advisory/ZF2015-08

fixed_packages

url pkg:composer/zendframework/zendframework1@1.12.16

purl pkg:composer/zendframework/zendframework1@1.12.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2xx4-77e9-pfbb

vulnerability	VCID-8atm-865q-mkf3

vulnerability	VCID-bjvu-jg9w-mqdd

vulnerability	VCID-n2gy-93nd-gber

vulnerability	VCID-q73m-16a9-rkgx

vulnerability	VCID-rc3w-5r97-k3b3

vulnerability	VCID-sjw9-2fwe-5ybg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.16

aliases ZF2015-08

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2ncq-wptr-k3ha

url VCID-2xx4-77e9-pfbb

vulnerability_id VCID-2xx4-77e9-pfbb

summary

Potential SQL injection
The implementation of `ORDER BY` and `GROUP BY` in `Zend_Db_Select` of ZF1 is vulnerable by the following SQL injection.

references

reference_url	https://framework.zend.com/security/advisory/ZF2016-02
reference_id
reference_type
scores
url	https://framework.zend.com/security/advisory/ZF2016-02

reference_url	https://github.com/zendframework/zf1/commit/bf3f40605be3d8f136a07ae991079a7dcb34d967
reference_id
reference_type
scores
url	https://github.com/zendframework/zf1/commit/bf3f40605be3d8f136a07ae991079a7dcb34d967

fixed_packages

url pkg:composer/zendframework/zendframework1@1.12.19

purl pkg:composer/zendframework/zendframework1@1.12.19

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rc3w-5r97-k3b3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.19

aliases ZF2016-02

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2xx4-77e9-pfbb

url VCID-8atm-865q-mkf3

vulnerability_id VCID-8atm-865q-mkf3

summary Potential Information Disclosure and Insufficient Entropy vulnerability in `Zend\Captcha\Word`.

references

reference_url	https://framework.zend.com/security/advisory/ZF2015-09
reference_id
reference_type
scores
url	https://framework.zend.com/security/advisory/ZF2015-09

fixed_packages

url pkg:composer/zendframework/zendframework1@1.12.17

purl pkg:composer/zendframework/zendframework1@1.12.17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2xx4-77e9-pfbb

vulnerability	VCID-bjvu-jg9w-mqdd

vulnerability	VCID-n2gy-93nd-gber

vulnerability	VCID-rc3w-5r97-k3b3

vulnerability	VCID-sjw9-2fwe-5ybg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.17

aliases ZF2015-09

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8atm-865q-mkf3

url VCID-bjvu-jg9w-mqdd

vulnerability_id VCID-bjvu-jg9w-mqdd

summary

SQL Injection
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern `[\w]*` in a regular expression.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-6233

reference_id

reference_type

scores

value	0.01724
scoring_system	epss
scoring_elements	0.82763
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-6233

reference_url

https://framework.zend.com/security/advisory/ZF2016-02

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://framework.zend.com/security/advisory/ZF2016-02

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2016-6233.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2016-6233.yaml

reference_url

https://github.com/zendframework/zendframework

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/zendframework/zendframework

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2JUKFTI6ABK7ZN7IEAGPCLAHCFANMID2

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2JUKFTI6ABK7ZN7IEAGPCLAHCFANMID2

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N27AV6AL6B4KGEP3VIMIHQ5LFAKF5FTU

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N27AV6AL6B4KGEP3VIMIHQ5LFAKF5FTU

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UR5HXNGIUSSIZKMSZYMPBEPZEZTYFTIT

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UR5HXNGIUSSIZKMSZYMPBEPZEZTYFTIT

reference_url

https://security.gentoo.org/glsa/201804-10

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/201804-10

reference_url

https://web.archive.org/web/20210123152547/http://www.securityfocus.com/bid/91802

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210123152547/http://www.securityfocus.com/bid/91802

reference_url	http://www.securityfocus.com/bid/91802
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/91802

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-6233

reference_id

CVE-2016-6233

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-6233

fixed_packages

url pkg:composer/zendframework/zendframework1@1.12.19

purl pkg:composer/zendframework/zendframework1@1.12.19

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rc3w-5r97-k3b3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.19

aliases CVE-2016-6233, GHSA-p9hp-3gpv-52w3

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bjvu-jg9w-mqdd

url VCID-n2gy-93nd-gber

vulnerability_id VCID-n2gy-93nd-gber

summary Potential Insufficient Entropy Vulnerability in ZF1.

references

reference_url	https://framework.zend.com/security/advisory/ZF2016-01
reference_id
reference_type
scores
url	https://framework.zend.com/security/advisory/ZF2016-01

fixed_packages

url pkg:composer/zendframework/zendframework1@1.12.18

purl pkg:composer/zendframework/zendframework1@1.12.18

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2xx4-77e9-pfbb

vulnerability	VCID-bjvu-jg9w-mqdd

vulnerability	VCID-rc3w-5r97-k3b3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.18

aliases ZF2016-01

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n2gy-93nd-gber

url VCID-njsg-e1w1-9qcy

vulnerability_id VCID-njsg-e1w1-9qcy

summary

XXE/XEE vulnerability via multibyte payloads
There's a flow that allows remote attackers to bypass security checks and conduct XML external entity (XXE) and XML entity expansion (XEE) attacks via multibyte encoded characters. This only apply when running under PHP-FPM in a threaded environment.

references

reference_url	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5161
reference_id
reference_type
scores
url	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5161

reference_url

http://legalhackers.com/advisories/zend-framework-XXE-vuln.txt

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://legalhackers.com/advisories/zend-framework-XXE-vuln.txt

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164409.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164409.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165147.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165147.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165173.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165173.html

reference_url

http://packetstormsecurity.com/files/133068/Zend-Framework-2.4.2-1.12.13-XXE-Injection.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/133068/Zend-Framework-2.4.2-1.12.13-XXE-Injection.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-5161

reference_id

reference_type

scores

value	0.39093
scoring_system	epss
scoring_elements	0.97355
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-5161

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5161
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5161

reference_url

http://seclists.org/fulldisclosure/2015/Aug/46

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/fulldisclosure/2015/Aug/46

reference_url

https://framework.zend.com/security/advisory/ZF2015-06

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://framework.zend.com/security/advisory/ZF2015-06

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2015-5161.yaml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2015-5161.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-5161.yaml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-5161.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendxml/CVE-2015-5161.yaml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendxml/CVE-2015-5161.yaml

reference_url

https://github.com/zendframework/ZendXml/commit/79f478fa2af85ce1fc18ac132dee5aa714c3b532

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/zendframework/ZendXml/commit/79f478fa2af85ce1fc18ac132dee5aa714c3b532

reference_url

https://github.com/zendframework/zf1/commit/ff7edddf1410b44b5ead857c02698aad9f748d1b

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/zendframework/zf1/commit/ff7edddf1410b44b5ead857c02698aad9f748d1b

reference_url

https://github.com/zendframework/zf1/issues/393

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/zendframework/zf1/issues/393

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-5161

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-5161

reference_url

https://web.archive.org/web/20200228055156/http://www.securityfocus.com/bid/76177

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228055156/http://www.securityfocus.com/bid/76177

reference_url

https://www.exploit-db.com/exploits/37765

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/exploits/37765

reference_url

http://www.debian.org/security/2015/dsa-3340

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2015/dsa-3340

reference_url

http://www.securityfocus.com/bid/76177

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/76177

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/37765.txt
reference_id	CVE-2015-5161
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/37765.txt

reference_url

http://framework.zend.com/security/advisory/ZF2015-06

reference_id

CVE-2015-5161;OSVDB-125783

reference_type

exploit

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://framework.zend.com/security/advisory/ZF2015-06

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/38573.txt
reference_id	CVE-2015-5161;OSVDB-125783
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/38573.txt

fixed_packages

url pkg:composer/zendframework/zendframework1@1.12.14

purl pkg:composer/zendframework/zendframework1@1.12.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ncq-wptr-k3ha

vulnerability	VCID-2xx4-77e9-pfbb

vulnerability	VCID-8atm-865q-mkf3

vulnerability	VCID-bjvu-jg9w-mqdd

vulnerability	VCID-n2gy-93nd-gber

vulnerability	VCID-q73m-16a9-rkgx

vulnerability	VCID-q74z-645k-c7dk

vulnerability	VCID-rc3w-5r97-k3b3

vulnerability	VCID-sjw9-2fwe-5ybg

vulnerability	VCID-uvgx-4m6v-2bg7

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.14

aliases CVE-2015-5161, GHSA-xp8p-9rq5-4wgv

risk_score 10.0

exploitability 2.0

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-njsg-e1w1-9qcy

url VCID-q73m-16a9-rkgx

vulnerability_id VCID-q73m-16a9-rkgx

summary

Potential Information Disclosure and Insufficient Entropy in Zend\Captcha\Word
Zend generates a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. The selection is performed using PHP's internal `array_rand()` function. This function does not generate sufficient entropy due to its usage of `rand()` instead of more cryptographically secure methods such as `openssl_pseudo_random_bytes()`. This can potentially lead to information disclosure should an attacker be able to brute force the random number generation.

references

reference_url	http://framework.zend.com/security/advisory/ZF2015-09
reference_id
reference_type
scores
url	http://framework.zend.com/security/advisory/ZF2015-09

fixed_packages

url pkg:composer/zendframework/zendframework1@1.12.17

purl pkg:composer/zendframework/zendframework1@1.12.17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2xx4-77e9-pfbb

vulnerability	VCID-bjvu-jg9w-mqdd

vulnerability	VCID-n2gy-93nd-gber

vulnerability	VCID-rc3w-5r97-k3b3

vulnerability	VCID-sjw9-2fwe-5ybg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.17

aliases GMS-2015-49

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q73m-16a9-rkgx

url VCID-q74z-645k-c7dk

vulnerability_id VCID-q74z-645k-c7dk

summary

Security Misconfiguration Vulnerability
Doctrine uses `mkdir($cacheDirectory )` to create caches directories. if your application runs with a umask of

references

reference_url

http://framework.zend.com/security/advisory/ZF2015-07

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://framework.zend.com/security/advisory/ZF2015-07

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-5723

reference_id

reference_type

scores

value	0.00033
scoring_system	epss
scoring_elements	0.10216
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-5723

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5723
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5723

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7695
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7695

reference_url

https://framework.zend.com/security/advisory/ZF2015-07

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://framework.zend.com/security/advisory/ZF2015-07

reference_url

https://github.com/aws/aws-sdk-php/releases/tag/3.2.1

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/aws/aws-sdk-php/releases/tag/3.2.1

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/aws/aws-sdk-php/CVE-2015-5723.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/aws/aws-sdk-php/CVE-2015-5723.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/doctrine/cache/CVE-2015-5723.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/doctrine/cache/CVE-2015-5723.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/doctrine/orm/CVE-2015-5723.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/doctrine/orm/CVE-2015-5723.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-cache/CVE-2015-5723.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-cache/CVE-2015-5723.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2015-5723.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2015-5723.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-5723.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-5723.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zfcampus/zf-apigility-doctrine/CVE-2015-5723.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zfcampus/zf-apigility-doctrine/CVE-2015-5723.yaml

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-5723

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-5723

reference_url

https://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html

reference_url	http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-5723
reference_id
reference_type
scores
url	http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-5723

reference_url

http://www.debian.org/security/2015/dsa-3369

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2015/dsa-3369

reference_url

http://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html

fixed_packages

url pkg:composer/zendframework/zendframework1@1.12.16

purl pkg:composer/zendframework/zendframework1@1.12.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2xx4-77e9-pfbb

vulnerability	VCID-8atm-865q-mkf3

vulnerability	VCID-bjvu-jg9w-mqdd

vulnerability	VCID-n2gy-93nd-gber

vulnerability	VCID-q73m-16a9-rkgx

vulnerability	VCID-rc3w-5r97-k3b3

vulnerability	VCID-sjw9-2fwe-5ybg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.16

aliases CVE-2015-5723, GHSA-pw5c-xqf2-6xc2

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q74z-645k-c7dk

url VCID-rc3w-5r97-k3b3

vulnerability_id VCID-rc3w-5r97-k3b3

summary

Potential SQL injection in ORDER and GROUP functions
The implementation of ORDER BY and GROUP BY in `Zend_Db_Select` is prone to SQL injection when a combination of SQL expressions and comments are used.

references

reference_url	https://framework.zend.com/security/advisory/ZF2016-03
reference_id
reference_type
scores
url	https://framework.zend.com/security/advisory/ZF2016-03

fixed_packages

url	pkg:composer/zendframework/zendframework1@1.12.20
purl	pkg:composer/zendframework/zendframework1@1.12.20
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.20

aliases ZF2016-03

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rc3w-5r97-k3b3

url VCID-sjw9-2fwe-5ybg

vulnerability_id VCID-sjw9-2fwe-5ybg

summary

Potential Insufficient Entropy
There are several methods used to generate random numbers in ZF1 that potentially used insufficient entropy. Moreover, there's a potential security issue in the usage of the `openssl_random_pseudo_bytes()` function in `Zend_Crypt_Math::randBytes`, reported in PHP BUG #70014, and the security implications reported in a discussion on the `random_compat` library.

references

reference_url	http://framework.zend.com/security/advisory/ZF2016-01
reference_id
reference_type
scores
url	http://framework.zend.com/security/advisory/ZF2016-01

reference_url	https://bugs.php.net/bug.php?id=70014
reference_id
reference_type
scores
url	https://bugs.php.net/bug.php?id=70014

reference_url	https://github.com/paragonie/random_compat/issues/96
reference_id
reference_type
scores
url	https://github.com/paragonie/random_compat/issues/96

fixed_packages

url pkg:composer/zendframework/zendframework1@1.12.18

purl pkg:composer/zendframework/zendframework1@1.12.18

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2xx4-77e9-pfbb

vulnerability	VCID-bjvu-jg9w-mqdd

vulnerability	VCID-rc3w-5r97-k3b3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.18

aliases ZF2016-11

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sjw9-2fwe-5ybg

url VCID-uvgx-4m6v-2bg7

vulnerability_id VCID-uvgx-4m6v-2bg7

summary

SQL injection vector using null byte for PDO
The PDO adapters of Zend Framework 1 do not filter null bytes values in SQL statements. A PDO adapter can treat null bytes in a query as a string terminator, allowing an attacker to add arbitrary SQL following a null byte, and thus create a SQL injection. This only impacts MsSql and SQLite adapters.

references

reference_url

http://framework.zend.com/security/advisory/ZF2015-08

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://framework.zend.com/security/advisory/ZF2015-08

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-7695

reference_id

reference_type

scores

value	0.02248
scoring_system	epss
scoring_elements	0.84884
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-7695

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5723
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5723

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7695
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7695

reference_url

https://github.com/zendframework/zf1

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/zendframework/zf1

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-7695

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-7695

reference_url

http://www.debian.org/security/2015/dsa-3369

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2015/dsa-3369

reference_url

http://www.openwall.com/lists/oss-security/2015/09/30/6

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2015/09/30/6

reference_url

http://www.openwall.com/lists/oss-security/2015/09/30/8

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2015/09/30/8

reference_url

http://www.openwall.com/lists/oss-security/2015/10/11/3

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2015/10/11/3

reference_url

http://www.securityfocus.com/bid/76784

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/76784

fixed_packages

url pkg:composer/zendframework/zendframework1@1.12.16

purl pkg:composer/zendframework/zendframework1@1.12.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2xx4-77e9-pfbb

vulnerability	VCID-8atm-865q-mkf3

vulnerability	VCID-bjvu-jg9w-mqdd

vulnerability	VCID-n2gy-93nd-gber

vulnerability	VCID-q73m-16a9-rkgx

vulnerability	VCID-rc3w-5r97-k3b3

vulnerability	VCID-sjw9-2fwe-5ybg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.16

aliases CVE-2015-7695, GHSA-2hvh-c5c2-vj85

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uvgx-4m6v-2bg7

Fixing_vulnerabilities

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.13

Package Instance