Package Instance

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-mhpx-3rv8-wrjm

reference_url

reference_id

GHSA-mhpx-3rv8-wrjm

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-mhpx-3rv8-wrjm

fixed_packages

url pkg:composer/zendframework/zendframework1@1.12.4

purl pkg:composer/zendframework/zendframework1@1.12.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6duj-8u32-wyf8

vulnerability	VCID-6yzr-h81y-jbda

vulnerability	VCID-8pwu-jv65-yfdk

vulnerability	VCID-b5m8-jc12-1yc3

vulnerability	VCID-dx2w-e51v-6ya7

vulnerability	VCID-ejyv-74a2-xkbd

vulnerability	VCID-ha1v-jhhj-xuay

vulnerability	VCID-jetd-1p57-hyh6

vulnerability	VCID-jw3c-uvru-nbh2

vulnerability	VCID-mu4w-1m4s-fqgb

vulnerability	VCID-nzjh-hsdn-73hr

vulnerability	VCID-pvs6-aj43-xue8

vulnerability	VCID-qx35-s89y-aufb

vulnerability	VCID-rbf7-4u42-yyhq

vulnerability	VCID-rnn1-91rc-ebcf

vulnerability	VCID-s5ss-4mta-wkd5

vulnerability	VCID-scar-8fh6-pkbz

vulnerability	VCID-thgd-stfh-aqce

vulnerability	VCID-ts3t-ua4s-nkbp

vulnerability	VCID-xmv1-fye4-buey

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.4

aliases GHSA-mhpx-3rv8-wrjm

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7tdb-2s5y-rqcz

url VCID-8p1a-4p3e-byhq

vulnerability_id VCID-8p1a-4p3e-byhq

summary

Improper Authentication
Potential security issue in login mechanism of ZendOpenId and Zend_OpenId consumer.

references

reference_url	https://framework.zend.com/security/advisory/ZF2014-02
reference_id
reference_type
scores
url	https://framework.zend.com/security/advisory/ZF2014-02

fixed_packages

url pkg:composer/zendframework/zendframework1@1.12.4

purl pkg:composer/zendframework/zendframework1@1.12.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6duj-8u32-wyf8

vulnerability	VCID-6yzr-h81y-jbda

vulnerability	VCID-8pwu-jv65-yfdk

vulnerability	VCID-b5m8-jc12-1yc3

vulnerability	VCID-dx2w-e51v-6ya7

vulnerability	VCID-ejyv-74a2-xkbd

vulnerability	VCID-ha1v-jhhj-xuay

vulnerability	VCID-jetd-1p57-hyh6

vulnerability	VCID-jw3c-uvru-nbh2

vulnerability	VCID-mu4w-1m4s-fqgb

vulnerability	VCID-nzjh-hsdn-73hr

vulnerability	VCID-pvs6-aj43-xue8

vulnerability	VCID-qx35-s89y-aufb

vulnerability	VCID-rbf7-4u42-yyhq

vulnerability	VCID-rnn1-91rc-ebcf

vulnerability	VCID-s5ss-4mta-wkd5

vulnerability	VCID-scar-8fh6-pkbz

vulnerability	VCID-thgd-stfh-aqce

vulnerability	VCID-ts3t-ua4s-nkbp

vulnerability	VCID-xmv1-fye4-buey

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.4

aliases ZF2014-02

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8p1a-4p3e-byhq

url VCID-8pwu-jv65-yfdk

vulnerability_id VCID-8pwu-jv65-yfdk

summary security update

references

reference_url	http://framework.zend.com/security/advisory/ZF2015-04
reference_id
reference_type
scores
url	http://framework.zend.com/security/advisory/ZF2015-04

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-3154

reference_id

reference_type

scores

value	0.00274
scoring_system	epss
scoring_elements	0.51128
published_at	2026-06-11T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.51259
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-3154

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2681
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2681

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2682
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2682

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2683
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2683

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2684
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2684

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2685
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2685

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4914
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4914

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8088
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8088

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8089
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8089

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3154

reference_url

https://framework.zend.com/security/advisory/ZF2015-04

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://framework.zend.com/security/advisory/ZF2015-04

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2015-3154.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2015-3154.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-3154.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-3154.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-http/CVE-2015-3154.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-http/CVE-2015-3154.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-3154

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-3154

fixed_packages

url pkg:composer/zendframework/zendframework1@1.12.12

purl pkg:composer/zendframework/zendframework1@1.12.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6yzr-h81y-jbda

vulnerability	VCID-b5m8-jc12-1yc3

vulnerability	VCID-dx2w-e51v-6ya7

vulnerability	VCID-ha1v-jhhj-xuay

vulnerability	VCID-jetd-1p57-hyh6

vulnerability	VCID-mu4w-1m4s-fqgb

vulnerability	VCID-nzjh-hsdn-73hr

vulnerability	VCID-qx35-s89y-aufb

vulnerability	VCID-rbf7-4u42-yyhq

vulnerability	VCID-rnn1-91rc-ebcf

vulnerability	VCID-s5ss-4mta-wkd5

vulnerability	VCID-scar-8fh6-pkbz

vulnerability	VCID-thgd-stfh-aqce

vulnerability	VCID-ts3t-ua4s-nkbp

vulnerability	VCID-xmv1-fye4-buey

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.12

aliases CVE-2015-3154, GHSA-5957-5crx-79jx

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8pwu-jv65-yfdk

url VCID-b4z7-ezf5-3bhw

vulnerability_id VCID-b4z7-ezf5-3bhw

summary ZendFramework potential XML eXternal Entity injection vectors

references

reference_url

https://framework.zend.com/security/advisory/ZF2012-05

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://framework.zend.com/security/advisory/ZF2012-05

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/ZF2012-05.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/ZF2012-05.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-4j9x-g4x8-vcmf

reference_url

reference_id

GHSA-4j9x-g4x8-vcmf

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4j9x-g4x8-vcmf

fixed_packages

url pkg:composer/zendframework/zendframework1@1.12.1

purl pkg:composer/zendframework/zendframework1@1.12.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5t8q-ezzk-puds

vulnerability	VCID-6duj-8u32-wyf8

vulnerability	VCID-6yzr-h81y-jbda

vulnerability	VCID-7tdb-2s5y-rqcz

vulnerability	VCID-8p1a-4p3e-byhq

vulnerability	VCID-8pwu-jv65-yfdk

vulnerability	VCID-b5m8-jc12-1yc3

vulnerability	VCID-bs77-acr8-5bhv

vulnerability	VCID-dx2w-e51v-6ya7

vulnerability	VCID-ejyv-74a2-xkbd

vulnerability	VCID-f43t-79fx-mqg2

vulnerability	VCID-ha1v-jhhj-xuay

vulnerability	VCID-jetd-1p57-hyh6

vulnerability	VCID-jw3c-uvru-nbh2

vulnerability	VCID-mu4w-1m4s-fqgb

vulnerability	VCID-nzjh-hsdn-73hr

vulnerability	VCID-pvs6-aj43-xue8

vulnerability	VCID-qx35-s89y-aufb

vulnerability	VCID-rbf7-4u42-yyhq

vulnerability	VCID-rnn1-91rc-ebcf

vulnerability	VCID-s5ss-4mta-wkd5

vulnerability	VCID-scar-8fh6-pkbz

vulnerability	VCID-thgd-stfh-aqce

vulnerability	VCID-ts3t-ua4s-nkbp

vulnerability	VCID-uhp8-5zvf-43eb

vulnerability	VCID-vvvm-agez-u7au

vulnerability	VCID-xmv1-fye4-buey

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.1

aliases GHSA-4j9x-g4x8-vcmf

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b4z7-ezf5-3bhw

url VCID-b5m8-jc12-1yc3

vulnerability_id VCID-b5m8-jc12-1yc3

summary Potential Information Disclosure and Insufficient Entropy vulnerability in `Zend\Captcha\Word`.

references

reference_url	https://framework.zend.com/security/advisory/ZF2015-09
reference_id
reference_type
scores
url	https://framework.zend.com/security/advisory/ZF2015-09

fixed_packages

url pkg:composer/zendframework/zendframework1@1.12.17

purl pkg:composer/zendframework/zendframework1@1.12.17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-mu4w-1m4s-fqgb

vulnerability	VCID-qx35-s89y-aufb

vulnerability	VCID-rbf7-4u42-yyhq

vulnerability	VCID-rnn1-91rc-ebcf

vulnerability	VCID-scar-8fh6-pkbz

vulnerability	VCID-ts3t-ua4s-nkbp

vulnerability	VCID-xmv1-fye4-buey

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.17

aliases ZF2015-09

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b5m8-jc12-1yc3

url VCID-bs77-acr8-5bhv

vulnerability_id VCID-bs77-acr8-5bhv

summary Zendframework potential security issue in login mechanism

references

reference_url

https://framework.zend.com/security/advisory/ZF2014-02

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://framework.zend.com/security/advisory/ZF2014-02

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/ZF2014-02.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/ZF2014-02.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-9v78-h226-2rmq

reference_url

reference_id

GHSA-9v78-h226-2rmq

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9v78-h226-2rmq

fixed_packages

url pkg:composer/zendframework/zendframework1@1.12.4

purl pkg:composer/zendframework/zendframework1@1.12.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6duj-8u32-wyf8

vulnerability	VCID-6yzr-h81y-jbda

vulnerability	VCID-8pwu-jv65-yfdk

vulnerability	VCID-b5m8-jc12-1yc3

vulnerability	VCID-dx2w-e51v-6ya7

vulnerability	VCID-ejyv-74a2-xkbd

vulnerability	VCID-ha1v-jhhj-xuay

vulnerability	VCID-jetd-1p57-hyh6

vulnerability	VCID-jw3c-uvru-nbh2

vulnerability	VCID-mu4w-1m4s-fqgb

vulnerability	VCID-nzjh-hsdn-73hr

vulnerability	VCID-pvs6-aj43-xue8

vulnerability	VCID-qx35-s89y-aufb

vulnerability	VCID-rbf7-4u42-yyhq

vulnerability	VCID-rnn1-91rc-ebcf

vulnerability	VCID-s5ss-4mta-wkd5

vulnerability	VCID-scar-8fh6-pkbz

vulnerability	VCID-thgd-stfh-aqce

vulnerability	VCID-ts3t-ua4s-nkbp

vulnerability	VCID-xmv1-fye4-buey

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.4

aliases GHSA-9v78-h226-2rmq

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bs77-acr8-5bhv

url VCID-dx2w-e51v-6ya7

vulnerability_id VCID-dx2w-e51v-6ya7

summary Zendframework1 potential SQL injection vector using null byte for PDO (MsSql, SQLite)

references

reference_url

https://framework.zend.com/security/advisory/ZF2015-08

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://framework.zend.com/security/advisory/ZF2015-08

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/ZF2015-08.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/ZF2015-08.yaml

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-v42g-7q2x-cw32

reference_url

reference_id

GHSA-v42g-7q2x-cw32

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v42g-7q2x-cw32

fixed_packages

url pkg:composer/zendframework/zendframework1@1.12.16

purl pkg:composer/zendframework/zendframework1@1.12.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6yzr-h81y-jbda

vulnerability	VCID-b5m8-jc12-1yc3

vulnerability	VCID-jetd-1p57-hyh6

vulnerability	VCID-mu4w-1m4s-fqgb

vulnerability	VCID-qx35-s89y-aufb

vulnerability	VCID-rbf7-4u42-yyhq

vulnerability	VCID-rnn1-91rc-ebcf

vulnerability	VCID-scar-8fh6-pkbz

vulnerability	VCID-ts3t-ua4s-nkbp

vulnerability	VCID-xmv1-fye4-buey

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.16

aliases GHSA-v42g-7q2x-cw32

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dx2w-e51v-6ya7

url VCID-ejyv-74a2-xkbd

vulnerability_id VCID-ejyv-74a2-xkbd

summary ZendFramework1 Potential SQL injection in the ORDER implementation of Zend_Db_Select

references

reference_url

https://framework.zend.com/security/advisory/ZF2014-04

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://framework.zend.com/security/advisory/ZF2014-04

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/ZF2014-04.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/ZF2014-04.yaml

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-2x36-qhx3-7m5f

reference_url

reference_id

GHSA-2x36-qhx3-7m5f

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2x36-qhx3-7m5f

fixed_packages

url pkg:composer/zendframework/zendframework1@1.12.7

purl pkg:composer/zendframework/zendframework1@1.12.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6duj-8u32-wyf8

vulnerability	VCID-6yzr-h81y-jbda

vulnerability	VCID-8pwu-jv65-yfdk

vulnerability	VCID-b5m8-jc12-1yc3

vulnerability	VCID-dx2w-e51v-6ya7

vulnerability	VCID-ha1v-jhhj-xuay

vulnerability	VCID-jetd-1p57-hyh6

vulnerability	VCID-jw3c-uvru-nbh2

vulnerability	VCID-mu4w-1m4s-fqgb

vulnerability	VCID-nzjh-hsdn-73hr

vulnerability	VCID-qx35-s89y-aufb

vulnerability	VCID-rbf7-4u42-yyhq

vulnerability	VCID-rnn1-91rc-ebcf

vulnerability	VCID-s5ss-4mta-wkd5

vulnerability	VCID-scar-8fh6-pkbz

vulnerability	VCID-thgd-stfh-aqce

vulnerability	VCID-ts3t-ua4s-nkbp

vulnerability	VCID-xmv1-fye4-buey

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.7

aliases GHSA-2x36-qhx3-7m5f

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ejyv-74a2-xkbd

url VCID-f43t-79fx-mqg2

vulnerability_id VCID-f43t-79fx-mqg2

summary security update

references

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://framework.zend.com/security/advisory/ZF2014-01

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://framework.zend.com/security/advisory/ZF2014-01

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-2681

reference_id

reference_type

scores

value	0.02971
scoring_system	epss
scoring_elements	0.86855
published_at	2026-06-12T12:55:00Z

value	0.02971
scoring_system	epss
scoring_elements	0.86808
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-2681

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2681
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2681

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2682
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2682

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2683
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2683

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2684
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2684

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2685
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2685

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4914
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4914

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8088
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8088

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8089
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8089

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3154

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-2681

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-2681

reference_url

https://web.archive.org/web/20150523055201/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:072/?name=MDVSA-2014:072

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20150523055201/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:072/?name=MDVSA-2014:072

reference_url

https://web.archive.org/web/20210125095213/http://www.securityfocus.com/bid/66358

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210125095213/http://www.securityfocus.com/bid/66358

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://framework.zend.com/security/advisory/ZF2012-05

reference_url	https://github.com/advisories/GHSA-43xg-87xw-jpv8
reference_id	GHSA-43xg-87xw-jpv8
reference_type
scores
url	https://github.com/advisories/GHSA-43xg-87xw-jpv8

fixed_packages

url pkg:composer/zendframework/zendframework1@1.12.4

purl pkg:composer/zendframework/zendframework1@1.12.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6duj-8u32-wyf8

vulnerability	VCID-6yzr-h81y-jbda

vulnerability	VCID-8pwu-jv65-yfdk

vulnerability	VCID-b5m8-jc12-1yc3

vulnerability	VCID-dx2w-e51v-6ya7

vulnerability	VCID-ejyv-74a2-xkbd

vulnerability	VCID-ha1v-jhhj-xuay

vulnerability	VCID-jetd-1p57-hyh6

vulnerability	VCID-jw3c-uvru-nbh2

vulnerability	VCID-mu4w-1m4s-fqgb

vulnerability	VCID-nzjh-hsdn-73hr

vulnerability	VCID-pvs6-aj43-xue8

vulnerability	VCID-qx35-s89y-aufb

vulnerability	VCID-rbf7-4u42-yyhq

vulnerability	VCID-rnn1-91rc-ebcf

vulnerability	VCID-s5ss-4mta-wkd5

vulnerability	VCID-scar-8fh6-pkbz

vulnerability	VCID-thgd-stfh-aqce

vulnerability	VCID-ts3t-ua4s-nkbp

vulnerability	VCID-xmv1-fye4-buey

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.4

aliases CVE-2014-2681, GHSA-43xg-87xw-jpv8

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f43t-79fx-mqg2

url VCID-g93c-4kug-tbg9

vulnerability_id VCID-g93c-4kug-tbg9

summary

references

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://framework.zend.com/security/advisory/ZF2012-05

reference_url

http://openwall.com/lists/oss-security/2012/12/20/2

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2012/12/20/2

reference_url

http://openwall.com/lists/oss-security/2012/12/20/4

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2012/12/20/4

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-5657

reference_id

reference_type

scores

value	0.00719
scoring_system	epss
scoring_elements	0.72994
published_at	2026-06-12T12:55:00Z

value	0.00719
scoring_system	epss
scoring_elements	0.72916
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-5657

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/zendframework/zf1/commit/15c84914f063efea49ea1c4425459a792cc185ea

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/zendframework/zf1/commit/15c84914f063efea49ea1c4425459a792cc185ea

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-5657

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-5657

reference_url

https://web.archive.org/web/20131101014013/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2013:115/?name=MDVSA-2013:115

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20131101014013/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2013:115/?name=MDVSA-2013:115

reference_url

http://www.debian.org/security/2012/dsa-2602

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2012/dsa-2602

reference_url	https://github.com/advisories/GHSA-9m5v-vq4f-mrvf
reference_id	GHSA-9m5v-vq4f-mrvf
reference_type
scores
url	https://github.com/advisories/GHSA-9m5v-vq4f-mrvf

fixed_packages

url pkg:composer/zendframework/zendframework1@1.12.1

purl pkg:composer/zendframework/zendframework1@1.12.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5t8q-ezzk-puds

vulnerability	VCID-6duj-8u32-wyf8

vulnerability	VCID-6yzr-h81y-jbda

vulnerability	VCID-7tdb-2s5y-rqcz

vulnerability	VCID-8p1a-4p3e-byhq

vulnerability	VCID-8pwu-jv65-yfdk

vulnerability	VCID-b5m8-jc12-1yc3

vulnerability	VCID-bs77-acr8-5bhv

vulnerability	VCID-dx2w-e51v-6ya7

vulnerability	VCID-ejyv-74a2-xkbd

vulnerability	VCID-f43t-79fx-mqg2

vulnerability	VCID-ha1v-jhhj-xuay

vulnerability	VCID-jetd-1p57-hyh6

vulnerability	VCID-jw3c-uvru-nbh2

vulnerability	VCID-mu4w-1m4s-fqgb

vulnerability	VCID-nzjh-hsdn-73hr

vulnerability	VCID-pvs6-aj43-xue8

vulnerability	VCID-qx35-s89y-aufb

vulnerability	VCID-rbf7-4u42-yyhq

vulnerability	VCID-rnn1-91rc-ebcf

vulnerability	VCID-s5ss-4mta-wkd5

vulnerability	VCID-scar-8fh6-pkbz

vulnerability	VCID-thgd-stfh-aqce

vulnerability	VCID-ts3t-ua4s-nkbp

vulnerability	VCID-uhp8-5zvf-43eb

vulnerability	VCID-vvvm-agez-u7au

vulnerability	VCID-xmv1-fye4-buey

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.1

aliases CVE-2012-5657, GHSA-9m5v-vq4f-mrvf

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g93c-4kug-tbg9

url VCID-ha1v-jhhj-xuay

vulnerability_id VCID-ha1v-jhhj-xuay

summary security update

references

reference_url	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5161
reference_id
reference_type
scores
url	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5161

reference_url

http://legalhackers.com/advisories/zend-framework-XXE-vuln.txt

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://legalhackers.com/advisories/zend-framework-XXE-vuln.txt

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164409.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164409.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165147.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165147.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165173.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165173.html

reference_url

http://packetstormsecurity.com/files/133068/Zend-Framework-2.4.2-1.12.13-XXE-Injection.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/133068/Zend-Framework-2.4.2-1.12.13-XXE-Injection.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-5161

reference_id

reference_type

scores

value	0.39093
scoring_system	epss
scoring_elements	0.97373
published_at	2026-06-11T12:55:00Z

value	0.39093
scoring_system	epss
scoring_elements	0.9738
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-5161

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5161
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5161

reference_url

http://seclists.org/fulldisclosure/2015/Aug/46

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/fulldisclosure/2015/Aug/46

reference_url

https://framework.zend.com/security/advisory/ZF2015-06

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://framework.zend.com/security/advisory/ZF2015-06

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2015-5161.yaml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2015-5161.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-5161.yaml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-5161.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendxml/CVE-2015-5161.yaml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendxml/CVE-2015-5161.yaml

reference_url

https://github.com/zendframework/ZendXml/commit/79f478fa2af85ce1fc18ac132dee5aa714c3b532

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/zendframework/ZendXml/commit/79f478fa2af85ce1fc18ac132dee5aa714c3b532

reference_url

https://github.com/zendframework/zf1/commit/ff7edddf1410b44b5ead857c02698aad9f748d1b

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/zendframework/zf1/commit/ff7edddf1410b44b5ead857c02698aad9f748d1b

reference_url

https://github.com/zendframework/zf1/issues/393

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/zendframework/zf1/issues/393

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-5161

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-5161

reference_url

https://web.archive.org/web/20200228055156/http://www.securityfocus.com/bid/76177

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228055156/http://www.securityfocus.com/bid/76177

reference_url

https://www.exploit-db.com/exploits/37765

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/exploits/37765

reference_url

http://www.debian.org/security/2015/dsa-3340

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2015/dsa-3340

reference_url

http://www.securityfocus.com/bid/76177

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/76177

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/37765.txt
reference_id	CVE-2015-5161
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/37765.txt

reference_url

http://framework.zend.com/security/advisory/ZF2015-06

reference_id

CVE-2015-5161;OSVDB-125783

reference_type

exploit

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://framework.zend.com/security/advisory/ZF2015-06

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/38573.txt
reference_id	CVE-2015-5161;OSVDB-125783
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/38573.txt

fixed_packages

url pkg:composer/zendframework/zendframework1@1.12.14

purl pkg:composer/zendframework/zendframework1@1.12.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6yzr-h81y-jbda

vulnerability	VCID-b5m8-jc12-1yc3

vulnerability	VCID-dx2w-e51v-6ya7

vulnerability	VCID-jetd-1p57-hyh6

vulnerability	VCID-mu4w-1m4s-fqgb

vulnerability	VCID-nzjh-hsdn-73hr

vulnerability	VCID-qx35-s89y-aufb

vulnerability	VCID-rbf7-4u42-yyhq

vulnerability	VCID-rnn1-91rc-ebcf

vulnerability	VCID-s5ss-4mta-wkd5

vulnerability	VCID-scar-8fh6-pkbz

vulnerability	VCID-thgd-stfh-aqce

vulnerability	VCID-ts3t-ua4s-nkbp

vulnerability	VCID-xmv1-fye4-buey

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.14

aliases CVE-2015-5161, GHSA-xp8p-9rq5-4wgv

risk_score 10.0

exploitability 2.0

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ha1v-jhhj-xuay

url VCID-jetd-1p57-hyh6

vulnerability_id VCID-jetd-1p57-hyh6

summary Zendframework Potential Information Disclosure and Insufficient Entropy vulnerability

references

reference_url

https://framework.zend.com/security/advisory/ZF2015-09

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://framework.zend.com/security/advisory/ZF2015-09

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/ZF2015-09.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/ZF2015-09.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-848f-mph5-9pm9

reference_url

reference_id

GHSA-848f-mph5-9pm9

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-848f-mph5-9pm9

fixed_packages

url pkg:composer/zendframework/zendframework1@1.12.17

purl pkg:composer/zendframework/zendframework1@1.12.17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-mu4w-1m4s-fqgb

vulnerability	VCID-qx35-s89y-aufb

vulnerability	VCID-rbf7-4u42-yyhq

vulnerability	VCID-rnn1-91rc-ebcf

vulnerability	VCID-scar-8fh6-pkbz

vulnerability	VCID-ts3t-ua4s-nkbp

vulnerability	VCID-xmv1-fye4-buey

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.17

aliases GHSA-848f-mph5-9pm9

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jetd-1p57-hyh6

url VCID-jw3c-uvru-nbh2

vulnerability_id VCID-jw3c-uvru-nbh2

summary security update

references

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141070.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141070.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141106.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141106.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-8088

reference_id

reference_type

scores

value	0.00608
scoring_system	epss
scoring_elements	0.70203
published_at	2026-06-11T12:55:00Z

value	0.00608
scoring_system	epss
scoring_elements	0.70293
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-8088

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2681
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2681

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2682
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2682

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2683
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2683

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2684
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2684

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2685
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2685

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4914
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4914

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8088
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8088

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8089
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8089

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3154

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/97038

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/97038

reference_url

https://framework.zend.com/security/advisory/ZF2014-05

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://framework.zend.com/security/advisory/ZF2014-05

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2014-8088.yaml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2014-8088.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2014-8088.yaml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2014-8088.yaml

reference_url

https://github.com/zendframework/zendframework/commit/a4222a6c1dc809f0f32fdafcd1ac4d583a075f2f

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/zendframework/zendframework/commit/a4222a6c1dc809f0f32fdafcd1ac4d583a075f2f

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-8088

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-8088

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2014/10/10/5

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2014/10/10/5

reference_url

http://www.securityfocus.com/bid/70378

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/70378

fixed_packages

url pkg:composer/zendframework/zendframework1@1.12.9

purl pkg:composer/zendframework/zendframework1@1.12.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6yzr-h81y-jbda

vulnerability	VCID-8pwu-jv65-yfdk

vulnerability	VCID-b5m8-jc12-1yc3

vulnerability	VCID-dx2w-e51v-6ya7

vulnerability	VCID-ha1v-jhhj-xuay

vulnerability	VCID-jetd-1p57-hyh6

vulnerability	VCID-mu4w-1m4s-fqgb

vulnerability	VCID-nzjh-hsdn-73hr

vulnerability	VCID-qx35-s89y-aufb

vulnerability	VCID-rbf7-4u42-yyhq

vulnerability	VCID-rnn1-91rc-ebcf

vulnerability	VCID-s5ss-4mta-wkd5

vulnerability	VCID-scar-8fh6-pkbz

vulnerability	VCID-thgd-stfh-aqce

vulnerability	VCID-ts3t-ua4s-nkbp

vulnerability	VCID-xmv1-fye4-buey

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.9

aliases CVE-2014-8088, GHSA-f6rc-rh43-h8gr

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jw3c-uvru-nbh2

url VCID-mu4w-1m4s-fqgb

vulnerability_id VCID-mu4w-1m4s-fqgb

summary

Multiple vulnerabilities have been found in Zend Framework, the
    worst of which could allow attackers to remotely execute arbitrary
    commands.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-6233

reference_id

reference_type

scores

value	0.01724
scoring_system	epss
scoring_elements	0.82829
published_at	2026-06-11T12:55:00Z

value	0.01724
scoring_system	epss
scoring_elements	0.82891
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-6233

reference_url

https://framework.zend.com/security/advisory/ZF2016-02

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://framework.zend.com/security/advisory/ZF2016-02

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2016-6233.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2016-6233.yaml

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2JUKFTI6ABK7ZN7IEAGPCLAHCFANMID2

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2JUKFTI6ABK7ZN7IEAGPCLAHCFANMID2

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N27AV6AL6B4KGEP3VIMIHQ5LFAKF5FTU

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N27AV6AL6B4KGEP3VIMIHQ5LFAKF5FTU

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UR5HXNGIUSSIZKMSZYMPBEPZEZTYFTIT

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UR5HXNGIUSSIZKMSZYMPBEPZEZTYFTIT

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-6233

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-6233

reference_url

https://web.archive.org/web/20210123152547/http://www.securityfocus.com/bid/91802

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210123152547/http://www.securityfocus.com/bid/91802

reference_url	http://www.securityfocus.com/bid/91802
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/91802

reference_url

https://security.gentoo.org/glsa/201804-10

reference_id

GLSA-201804-10

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/201804-10

fixed_packages

url pkg:composer/zendframework/zendframework1@1.12.19

purl pkg:composer/zendframework/zendframework1@1.12.19

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rnn1-91rc-ebcf

vulnerability	VCID-scar-8fh6-pkbz

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.19

aliases CVE-2016-6233, GHSA-p9hp-3gpv-52w3

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mu4w-1m4s-fqgb

url VCID-nzjh-hsdn-73hr

vulnerability_id VCID-nzjh-hsdn-73hr

summary security update

references

reference_url

http://framework.zend.com/security/advisory/ZF2015-08

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://framework.zend.com/security/advisory/ZF2015-08

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-7695

reference_id

reference_type

scores

value	0.02248
scoring_system	epss
scoring_elements	0.8494
published_at	2026-06-11T12:55:00Z

value	0.02248
scoring_system	epss
scoring_elements	0.84992
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-7695

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5723
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5723

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7695
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7695

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-7695

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-7695

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2015/09/30/6

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2015/09/30/6

reference_url

http://www.openwall.com/lists/oss-security/2015/09/30/8

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2015/09/30/8

reference_url

http://www.openwall.com/lists/oss-security/2015/10/11/3

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2015/10/11/3

reference_url

http://www.securityfocus.com/bid/76784

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/76784

fixed_packages

url pkg:composer/zendframework/zendframework1@1.12.16

purl pkg:composer/zendframework/zendframework1@1.12.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6yzr-h81y-jbda

vulnerability	VCID-b5m8-jc12-1yc3

vulnerability	VCID-jetd-1p57-hyh6

vulnerability	VCID-mu4w-1m4s-fqgb

vulnerability	VCID-qx35-s89y-aufb

vulnerability	VCID-rbf7-4u42-yyhq

vulnerability	VCID-rnn1-91rc-ebcf

vulnerability	VCID-scar-8fh6-pkbz

vulnerability	VCID-ts3t-ua4s-nkbp

vulnerability	VCID-xmv1-fye4-buey

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.16

aliases CVE-2015-7695, GHSA-2hvh-c5c2-vj85

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nzjh-hsdn-73hr

url VCID-pvs6-aj43-xue8

vulnerability_id VCID-pvs6-aj43-xue8

summary

SQL Injection
Potential SQL injection in the ORDER implementation of `Zend_Db_Select`.

references

reference_url	https://framework.zend.com/security/advisory/ZF2014-04
reference_id
reference_type
scores
url	https://framework.zend.com/security/advisory/ZF2014-04

fixed_packages

url pkg:composer/zendframework/zendframework1@1.12.7

purl pkg:composer/zendframework/zendframework1@1.12.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6duj-8u32-wyf8

vulnerability	VCID-6yzr-h81y-jbda

vulnerability	VCID-8pwu-jv65-yfdk

vulnerability	VCID-b5m8-jc12-1yc3

vulnerability	VCID-dx2w-e51v-6ya7

vulnerability	VCID-ha1v-jhhj-xuay

vulnerability	VCID-jetd-1p57-hyh6

vulnerability	VCID-jw3c-uvru-nbh2

vulnerability	VCID-mu4w-1m4s-fqgb

vulnerability	VCID-nzjh-hsdn-73hr

vulnerability	VCID-qx35-s89y-aufb

vulnerability	VCID-rbf7-4u42-yyhq

vulnerability	VCID-rnn1-91rc-ebcf

vulnerability	VCID-s5ss-4mta-wkd5

vulnerability	VCID-scar-8fh6-pkbz

vulnerability	VCID-thgd-stfh-aqce

vulnerability	VCID-ts3t-ua4s-nkbp

vulnerability	VCID-xmv1-fye4-buey

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.7

aliases ZF2014-04

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pvs6-aj43-xue8

url VCID-qx35-s89y-aufb

vulnerability_id VCID-qx35-s89y-aufb

summary

Potential Insufficient Entropy
There are several methods used to generate random numbers in ZF1 that potentially used insufficient entropy. Moreover, there's a potential security issue in the usage of the `openssl_random_pseudo_bytes()` function in `Zend_Crypt_Math::randBytes`, reported in PHP BUG #70014, and the security implications reported in a discussion on the `random_compat` library.

references

reference_url	http://framework.zend.com/security/advisory/ZF2016-01
reference_id
reference_type
scores
url	http://framework.zend.com/security/advisory/ZF2016-01

reference_url	https://bugs.php.net/bug.php?id=70014
reference_id
reference_type
scores
url	https://bugs.php.net/bug.php?id=70014

reference_url	https://github.com/paragonie/random_compat/issues/96
reference_id
reference_type
scores
url	https://github.com/paragonie/random_compat/issues/96

fixed_packages

url pkg:composer/zendframework/zendframework1@1.12.18

purl pkg:composer/zendframework/zendframework1@1.12.18

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-mu4w-1m4s-fqgb

vulnerability	VCID-rnn1-91rc-ebcf

vulnerability	VCID-scar-8fh6-pkbz

vulnerability	VCID-ts3t-ua4s-nkbp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.18

aliases ZF2016-11

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qx35-s89y-aufb

url VCID-rbf7-4u42-yyhq

vulnerability_id VCID-rbf7-4u42-yyhq

summary Potential Insufficient Entropy Vulnerability in ZF1.

references

reference_url	https://framework.zend.com/security/advisory/ZF2016-01
reference_id
reference_type
scores
url	https://framework.zend.com/security/advisory/ZF2016-01

fixed_packages

url pkg:composer/zendframework/zendframework1@1.12.18

purl pkg:composer/zendframework/zendframework1@1.12.18

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-mu4w-1m4s-fqgb

vulnerability	VCID-rnn1-91rc-ebcf

vulnerability	VCID-scar-8fh6-pkbz

vulnerability	VCID-ts3t-ua4s-nkbp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.18

aliases ZF2016-01

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rbf7-4u42-yyhq

url VCID-rnn1-91rc-ebcf

vulnerability_id VCID-rnn1-91rc-ebcf

summary

Potential SQL injection in ORDER and GROUP functions
The implementation of ORDER BY and GROUP BY in `Zend_Db_Select` is prone to SQL injection when a combination of SQL expressions and comments are used.

references

reference_url	https://framework.zend.com/security/advisory/ZF2016-03
reference_id
reference_type
scores
url	https://framework.zend.com/security/advisory/ZF2016-03

fixed_packages

url	pkg:composer/zendframework/zendframework1@1.12.20
purl	pkg:composer/zendframework/zendframework1@1.12.20
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.20

aliases ZF2016-03

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rnn1-91rc-ebcf

url VCID-s5ss-4mta-wkd5

vulnerability_id VCID-s5ss-4mta-wkd5

summary

SQL Injection
Potential SQL injection vector using null byte for PDO (MsSql, SQLite).

references

reference_url	https://framework.zend.com/security/advisory/ZF2015-08
reference_id
reference_type
scores
url	https://framework.zend.com/security/advisory/ZF2015-08

fixed_packages

url pkg:composer/zendframework/zendframework1@1.12.16

purl pkg:composer/zendframework/zendframework1@1.12.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6yzr-h81y-jbda

vulnerability	VCID-b5m8-jc12-1yc3

vulnerability	VCID-jetd-1p57-hyh6

vulnerability	VCID-mu4w-1m4s-fqgb

vulnerability	VCID-qx35-s89y-aufb

vulnerability	VCID-rbf7-4u42-yyhq

vulnerability	VCID-rnn1-91rc-ebcf

vulnerability	VCID-scar-8fh6-pkbz

vulnerability	VCID-ts3t-ua4s-nkbp

vulnerability	VCID-xmv1-fye4-buey

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.16

aliases ZF2015-08

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s5ss-4mta-wkd5

url VCID-scar-8fh6-pkbz

vulnerability_id VCID-scar-8fh6-pkbz

summary Zendframework1 Potential SQL injection in ORDER and GROUP functions

references

reference_url

https://framework.zend.com/security/advisory/ZF2016-03

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://framework.zend.com/security/advisory/ZF2016-03

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/ZF2016-03.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/ZF2016-03.yaml

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-6fqw-j3vm-7f66

reference_url

reference_id

GHSA-6fqw-j3vm-7f66

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6fqw-j3vm-7f66

fixed_packages

url	pkg:composer/zendframework/zendframework1@1.12.20
purl	pkg:composer/zendframework/zendframework1@1.12.20
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.20

aliases GHSA-6fqw-j3vm-7f66

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-scar-8fh6-pkbz

url VCID-thgd-stfh-aqce

vulnerability_id VCID-thgd-stfh-aqce

summary security update

references

reference_url

http://framework.zend.com/security/advisory/ZF2015-07

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://framework.zend.com/security/advisory/ZF2015-07

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-5723

reference_id

reference_type

scores

value	0.00033
scoring_system	epss
scoring_elements	0.1027
published_at	2026-06-11T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.1032
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-5723

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5723
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5723

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7695
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7695

reference_url

https://framework.zend.com/security/advisory/ZF2015-07

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://framework.zend.com/security/advisory/ZF2015-07

reference_url

https://github.com/aws/aws-sdk-php/releases/tag/3.2.1

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/aws/aws-sdk-php/releases/tag/3.2.1

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/aws/aws-sdk-php/CVE-2015-5723.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/aws/aws-sdk-php/CVE-2015-5723.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/doctrine/cache/CVE-2015-5723.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/doctrine/cache/CVE-2015-5723.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/doctrine/orm/CVE-2015-5723.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/doctrine/orm/CVE-2015-5723.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-cache/CVE-2015-5723.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-cache/CVE-2015-5723.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2015-5723.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2015-5723.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-5723.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-5723.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zfcampus/zf-apigility-doctrine/CVE-2015-5723.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zfcampus/zf-apigility-doctrine/CVE-2015-5723.yaml

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-5723

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-5723

reference_url

https://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html

reference_url	http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-5723
reference_id
reference_type
scores
url	http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-5723

reference_url

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html

reference_url

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html

fixed_packages

url pkg:composer/zendframework/zendframework1@1.12.16

purl pkg:composer/zendframework/zendframework1@1.12.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6yzr-h81y-jbda

vulnerability	VCID-b5m8-jc12-1yc3

vulnerability	VCID-jetd-1p57-hyh6

vulnerability	VCID-mu4w-1m4s-fqgb

vulnerability	VCID-qx35-s89y-aufb

vulnerability	VCID-rbf7-4u42-yyhq

vulnerability	VCID-rnn1-91rc-ebcf

vulnerability	VCID-scar-8fh6-pkbz

vulnerability	VCID-ts3t-ua4s-nkbp

vulnerability	VCID-xmv1-fye4-buey

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.16

aliases CVE-2015-5723, GHSA-pw5c-xqf2-6xc2

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-thgd-stfh-aqce

url VCID-ts3t-ua4s-nkbp

vulnerability_id VCID-ts3t-ua4s-nkbp

summary

Potential SQL injection
The implementation of `ORDER BY` and `GROUP BY` in `Zend_Db_Select` of ZF1 is vulnerable by the following SQL injection.

references

reference_url	https://framework.zend.com/security/advisory/ZF2016-02
reference_id
reference_type
scores
url	https://framework.zend.com/security/advisory/ZF2016-02

reference_url	https://github.com/zendframework/zf1/commit/bf3f40605be3d8f136a07ae991079a7dcb34d967
reference_id
reference_type
scores
url	https://github.com/zendframework/zf1/commit/bf3f40605be3d8f136a07ae991079a7dcb34d967

fixed_packages

url pkg:composer/zendframework/zendframework1@1.12.19

purl pkg:composer/zendframework/zendframework1@1.12.19

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rnn1-91rc-ebcf

vulnerability	VCID-scar-8fh6-pkbz

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.19

aliases ZF2016-02

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ts3t-ua4s-nkbp

url VCID-uhp8-5zvf-43eb

vulnerability_id VCID-uhp8-5zvf-43eb

summary security update

references

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://framework.zend.com/security/advisory/ZF2014-01

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://framework.zend.com/security/advisory/ZF2014-01

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-2682

reference_id

reference_type

scores

value	0.01826
scoring_system	epss
scoring_elements	0.83302
published_at	2026-06-11T12:55:00Z

value	0.01826
scoring_system	epss
scoring_elements	0.83363
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-2682

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2681
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2681

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2682
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2682

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2683
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2683

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2684
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2684

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2685
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2685

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4914
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4914

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8088
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8088

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8089
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8089

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3154

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-2682

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-2682

reference_url

https://web.archive.org/web/20140419041226/http://www.securityfocus.com/bid/66358

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20140419041226/http://www.securityfocus.com/bid/66358

reference_url

https://web.archive.org/web/20150523055201/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:072/?name=MDVSA-2014:072

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20150523055201/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:072/?name=MDVSA-2014:072

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url	https://github.com/advisories/GHSA-gp39-h9c2-qw79
reference_id	GHSA-gp39-h9c2-qw79
reference_type
scores
url	https://github.com/advisories/GHSA-gp39-h9c2-qw79

fixed_packages

url pkg:composer/zendframework/zendframework1@1.12.4

purl pkg:composer/zendframework/zendframework1@1.12.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6duj-8u32-wyf8

vulnerability	VCID-6yzr-h81y-jbda

vulnerability	VCID-8pwu-jv65-yfdk

vulnerability	VCID-b5m8-jc12-1yc3

vulnerability	VCID-dx2w-e51v-6ya7

vulnerability	VCID-ejyv-74a2-xkbd

vulnerability	VCID-ha1v-jhhj-xuay

vulnerability	VCID-jetd-1p57-hyh6

vulnerability	VCID-jw3c-uvru-nbh2

vulnerability	VCID-mu4w-1m4s-fqgb

vulnerability	VCID-nzjh-hsdn-73hr

vulnerability	VCID-pvs6-aj43-xue8

vulnerability	VCID-qx35-s89y-aufb

vulnerability	VCID-rbf7-4u42-yyhq

vulnerability	VCID-rnn1-91rc-ebcf

vulnerability	VCID-s5ss-4mta-wkd5

vulnerability	VCID-scar-8fh6-pkbz

vulnerability	VCID-thgd-stfh-aqce

vulnerability	VCID-ts3t-ua4s-nkbp

vulnerability	VCID-xmv1-fye4-buey

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.4

aliases CVE-2014-2682, GHSA-gp39-h9c2-qw79

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uhp8-5zvf-43eb

url VCID-vvvm-agez-u7au

vulnerability_id VCID-vvvm-agez-u7au

summary security update

references

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://framework.zend.com/security/advisory/ZF2014-01

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://framework.zend.com/security/advisory/ZF2014-01

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-2683

reference_id

reference_type

scores

value	0.02558
scoring_system	epss
scoring_elements	0.8588
published_at	2026-06-12T12:55:00Z

value	0.02558
scoring_system	epss
scoring_elements	0.85831
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-2683

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2681
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2681

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2682
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2682

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2683
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2683

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2684
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2684

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2685
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2685

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4914
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4914

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8088
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8088

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8089
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8089

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3154

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-2683

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-2683

reference_url

https://web.archive.org/web/20140419041226/http://www.securityfocus.com/bid/66358

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20140419041226/http://www.securityfocus.com/bid/66358

reference_url

https://web.archive.org/web/20150523055201/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:072/?name=MDVSA-2014:072

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20150523055201/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:072/?name=MDVSA-2014:072

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://framework.zend.com/security/advisory/ZF2016-01

reference_url	https://github.com/advisories/GHSA-5wm2-38q5-5rxv
reference_id	GHSA-5wm2-38q5-5rxv
reference_type
scores
url	https://github.com/advisories/GHSA-5wm2-38q5-5rxv

fixed_packages

url pkg:composer/zendframework/zendframework1@1.12.4

purl pkg:composer/zendframework/zendframework1@1.12.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6duj-8u32-wyf8

vulnerability	VCID-6yzr-h81y-jbda

vulnerability	VCID-8pwu-jv65-yfdk

vulnerability	VCID-b5m8-jc12-1yc3

vulnerability	VCID-dx2w-e51v-6ya7

vulnerability	VCID-ejyv-74a2-xkbd

vulnerability	VCID-ha1v-jhhj-xuay

vulnerability	VCID-jetd-1p57-hyh6

vulnerability	VCID-jw3c-uvru-nbh2

vulnerability	VCID-mu4w-1m4s-fqgb

vulnerability	VCID-nzjh-hsdn-73hr

vulnerability	VCID-pvs6-aj43-xue8

vulnerability	VCID-qx35-s89y-aufb

vulnerability	VCID-rbf7-4u42-yyhq

vulnerability	VCID-rnn1-91rc-ebcf

vulnerability	VCID-s5ss-4mta-wkd5

vulnerability	VCID-scar-8fh6-pkbz

vulnerability	VCID-thgd-stfh-aqce

vulnerability	VCID-ts3t-ua4s-nkbp

vulnerability	VCID-xmv1-fye4-buey

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.4

aliases CVE-2014-2683, GHSA-5wm2-38q5-5rxv

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vvvm-agez-u7au

url VCID-x7ng-n6qp-gygu

vulnerability_id VCID-x7ng-n6qp-gygu

summary

Improper Restriction of XML External Entity Reference
Potential XML eXternal Entity injection vectors in Zend Framework 1 `Zend_Feed` component.

references

reference_url	https://framework.zend.com/security/advisory/ZF2012-05
reference_id
reference_type
scores
url	https://framework.zend.com/security/advisory/ZF2012-05

fixed_packages

url pkg:composer/zendframework/zendframework1@1.12.1

purl pkg:composer/zendframework/zendframework1@1.12.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5t8q-ezzk-puds

vulnerability	VCID-6duj-8u32-wyf8

vulnerability	VCID-6yzr-h81y-jbda

vulnerability	VCID-7tdb-2s5y-rqcz

vulnerability	VCID-8p1a-4p3e-byhq

vulnerability	VCID-8pwu-jv65-yfdk

vulnerability	VCID-b5m8-jc12-1yc3

vulnerability	VCID-bs77-acr8-5bhv

vulnerability	VCID-dx2w-e51v-6ya7

vulnerability	VCID-ejyv-74a2-xkbd

vulnerability	VCID-f43t-79fx-mqg2

vulnerability	VCID-ha1v-jhhj-xuay

vulnerability	VCID-jetd-1p57-hyh6

vulnerability	VCID-jw3c-uvru-nbh2

vulnerability	VCID-mu4w-1m4s-fqgb

vulnerability	VCID-nzjh-hsdn-73hr

vulnerability	VCID-pvs6-aj43-xue8

vulnerability	VCID-qx35-s89y-aufb

vulnerability	VCID-rbf7-4u42-yyhq

vulnerability	VCID-rnn1-91rc-ebcf

vulnerability	VCID-s5ss-4mta-wkd5

vulnerability	VCID-scar-8fh6-pkbz

vulnerability	VCID-thgd-stfh-aqce

vulnerability	VCID-ts3t-ua4s-nkbp

vulnerability	VCID-uhp8-5zvf-43eb

vulnerability	VCID-vvvm-agez-u7au

vulnerability	VCID-xmv1-fye4-buey

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.1

aliases ZF2012-05

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x7ng-n6qp-gygu

url VCID-xmv1-fye4-buey

vulnerability_id VCID-xmv1-fye4-buey

summary ZendFramework1 Potential Insufficient Entropy Vulnerability

references

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://framework.zend.com/security/advisory/ZF2016-01

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/ZF2016-01.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/ZF2016-01.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-8xhv-gqm4-3w99

reference_url

reference_id

GHSA-8xhv-gqm4-3w99

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8xhv-gqm4-3w99

fixed_packages

url pkg:composer/zendframework/zendframework1@1.12.18

purl pkg:composer/zendframework/zendframework1@1.12.18

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-mu4w-1m4s-fqgb

vulnerability	VCID-rnn1-91rc-ebcf

vulnerability	VCID-scar-8fh6-pkbz

vulnerability	VCID-ts3t-ua4s-nkbp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.18

aliases GHSA-8xhv-gqm4-3w99

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xmv1-fye4-buey

Fixing_vulnerabilities

url VCID-119w-anud-dufj

vulnerability_id VCID-119w-anud-dufj

summary

Cross-site Scripting
Potential XSS vector in `Zend_Dojo_View_Helper_Editor`.

references

reference_url	https://framework.zend.com/security/advisory/ZF2010-02
reference_id
reference_type
scores
url	https://framework.zend.com/security/advisory/ZF2010-02

fixed_packages

url pkg:composer/zendframework/zendframework1@1.12.0

purl pkg:composer/zendframework/zendframework1@1.12.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5t8q-ezzk-puds

vulnerability	VCID-6duj-8u32-wyf8

vulnerability	VCID-6yzr-h81y-jbda

vulnerability	VCID-7tdb-2s5y-rqcz

vulnerability	VCID-8p1a-4p3e-byhq

vulnerability	VCID-8pwu-jv65-yfdk

vulnerability	VCID-b4z7-ezf5-3bhw

vulnerability	VCID-b5m8-jc12-1yc3

vulnerability	VCID-bs77-acr8-5bhv

vulnerability	VCID-dx2w-e51v-6ya7

vulnerability	VCID-ejyv-74a2-xkbd

vulnerability	VCID-f43t-79fx-mqg2

vulnerability	VCID-g93c-4kug-tbg9

vulnerability	VCID-ha1v-jhhj-xuay

vulnerability	VCID-jetd-1p57-hyh6

vulnerability	VCID-jw3c-uvru-nbh2

vulnerability	VCID-mu4w-1m4s-fqgb

vulnerability	VCID-nzjh-hsdn-73hr

vulnerability	VCID-pvs6-aj43-xue8

vulnerability	VCID-qx35-s89y-aufb

vulnerability	VCID-rbf7-4u42-yyhq

vulnerability	VCID-rnn1-91rc-ebcf

vulnerability	VCID-s5ss-4mta-wkd5

vulnerability	VCID-scar-8fh6-pkbz

vulnerability	VCID-thgd-stfh-aqce

vulnerability	VCID-ts3t-ua4s-nkbp

vulnerability	VCID-uhp8-5zvf-43eb

vulnerability	VCID-vvvm-agez-u7au

vulnerability	VCID-x7ng-n6qp-gygu

vulnerability	VCID-xmv1-fye4-buey

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.0

aliases ZF2010-02

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-119w-anud-dufj

url VCID-4cxc-3a4z-53gt

vulnerability_id VCID-4cxc-3a4z-53gt

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-6531

reference_id

reference_type

scores

value	0.00905
scoring_system	epss
scoring_elements	0.76268
published_at	2026-06-12T12:55:00Z

value	0.00905
scoring_system	epss
scoring_elements	0.76197
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-6531

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/zendframework/zf1/commit/1b5e86183a72b7b10b6c89e4f95f08c5da9716db

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/zendframework/zf1/commit/1b5e86183a72b7b10b6c89e4f95f08c5da9716db

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-6531

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-6531

fixed_packages

url	pkg:composer/zendframework/zendframework1@1.11.13
purl	pkg:composer/zendframework/zendframework1@1.11.13
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.11.13

url pkg:composer/zendframework/zendframework1@1.12.0

purl pkg:composer/zendframework/zendframework1@1.12.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5t8q-ezzk-puds

vulnerability	VCID-6duj-8u32-wyf8

vulnerability	VCID-6yzr-h81y-jbda

vulnerability	VCID-7tdb-2s5y-rqcz

vulnerability	VCID-8p1a-4p3e-byhq

vulnerability	VCID-8pwu-jv65-yfdk

vulnerability	VCID-b4z7-ezf5-3bhw

vulnerability	VCID-b5m8-jc12-1yc3

vulnerability	VCID-bs77-acr8-5bhv

vulnerability	VCID-dx2w-e51v-6ya7

vulnerability	VCID-ejyv-74a2-xkbd

vulnerability	VCID-f43t-79fx-mqg2

vulnerability	VCID-g93c-4kug-tbg9

vulnerability	VCID-ha1v-jhhj-xuay

vulnerability	VCID-jetd-1p57-hyh6

vulnerability	VCID-jw3c-uvru-nbh2

vulnerability	VCID-mu4w-1m4s-fqgb

vulnerability	VCID-nzjh-hsdn-73hr

vulnerability	VCID-pvs6-aj43-xue8

vulnerability	VCID-qx35-s89y-aufb

vulnerability	VCID-rbf7-4u42-yyhq

vulnerability	VCID-rnn1-91rc-ebcf

vulnerability	VCID-s5ss-4mta-wkd5

vulnerability	VCID-scar-8fh6-pkbz

vulnerability	VCID-thgd-stfh-aqce

vulnerability	VCID-ts3t-ua4s-nkbp

vulnerability	VCID-uhp8-5zvf-43eb

vulnerability	VCID-vvvm-agez-u7au

vulnerability	VCID-x7ng-n6qp-gygu

vulnerability	VCID-xmv1-fye4-buey

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.0

aliases CVE-2012-6531, GHSA-h5p3-7mg6-hgj4

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4cxc-3a4z-53gt

url VCID-a8ef-czcs-8ue2

vulnerability_id VCID-a8ef-czcs-8ue2

summary Potential SQL Injection Vector When Using `PDO_MySql`.

references

reference_url	https://framework.zend.com/security/advisory/ZF2011-02
reference_id
reference_type
scores
url	https://framework.zend.com/security/advisory/ZF2011-02

fixed_packages

url pkg:composer/zendframework/zendframework1@1.12.0

purl pkg:composer/zendframework/zendframework1@1.12.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5t8q-ezzk-puds

vulnerability	VCID-6duj-8u32-wyf8

vulnerability	VCID-6yzr-h81y-jbda

vulnerability	VCID-7tdb-2s5y-rqcz

vulnerability	VCID-8p1a-4p3e-byhq

vulnerability	VCID-8pwu-jv65-yfdk

vulnerability	VCID-b4z7-ezf5-3bhw

vulnerability	VCID-b5m8-jc12-1yc3

vulnerability	VCID-bs77-acr8-5bhv

vulnerability	VCID-dx2w-e51v-6ya7

vulnerability	VCID-ejyv-74a2-xkbd

vulnerability	VCID-f43t-79fx-mqg2

vulnerability	VCID-g93c-4kug-tbg9

vulnerability	VCID-ha1v-jhhj-xuay

vulnerability	VCID-jetd-1p57-hyh6

vulnerability	VCID-jw3c-uvru-nbh2

vulnerability	VCID-mu4w-1m4s-fqgb

vulnerability	VCID-nzjh-hsdn-73hr

vulnerability	VCID-pvs6-aj43-xue8

vulnerability	VCID-qx35-s89y-aufb

vulnerability	VCID-rbf7-4u42-yyhq

vulnerability	VCID-rnn1-91rc-ebcf

vulnerability	VCID-s5ss-4mta-wkd5

vulnerability	VCID-scar-8fh6-pkbz

vulnerability	VCID-thgd-stfh-aqce

vulnerability	VCID-ts3t-ua4s-nkbp

vulnerability	VCID-uhp8-5zvf-43eb

vulnerability	VCID-vvvm-agez-u7au

vulnerability	VCID-x7ng-n6qp-gygu

vulnerability	VCID-xmv1-fye4-buey

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.0

aliases ZF2011-02

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a8ef-czcs-8ue2

url VCID-bvpg-158t-ekap

vulnerability_id VCID-bvpg-158t-ekap

summary

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
File Inclusion vector in `Zend_View::setScriptPath()` and `render()`.

references

reference_url	https://framework.zend.com/security/advisory/ZF2009-01
reference_id
reference_type
scores
url	https://framework.zend.com/security/advisory/ZF2009-01

fixed_packages

url pkg:composer/zendframework/zendframework1@1.12.0

purl pkg:composer/zendframework/zendframework1@1.12.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5t8q-ezzk-puds

vulnerability	VCID-6duj-8u32-wyf8

vulnerability	VCID-6yzr-h81y-jbda

vulnerability	VCID-7tdb-2s5y-rqcz

vulnerability	VCID-8p1a-4p3e-byhq

vulnerability	VCID-8pwu-jv65-yfdk

vulnerability	VCID-b4z7-ezf5-3bhw

vulnerability	VCID-b5m8-jc12-1yc3

vulnerability	VCID-bs77-acr8-5bhv

vulnerability	VCID-dx2w-e51v-6ya7

vulnerability	VCID-ejyv-74a2-xkbd

vulnerability	VCID-f43t-79fx-mqg2

vulnerability	VCID-g93c-4kug-tbg9

vulnerability	VCID-ha1v-jhhj-xuay

vulnerability	VCID-jetd-1p57-hyh6

vulnerability	VCID-jw3c-uvru-nbh2

vulnerability	VCID-mu4w-1m4s-fqgb

vulnerability	VCID-nzjh-hsdn-73hr

vulnerability	VCID-pvs6-aj43-xue8

vulnerability	VCID-qx35-s89y-aufb

vulnerability	VCID-rbf7-4u42-yyhq

vulnerability	VCID-rnn1-91rc-ebcf

vulnerability	VCID-s5ss-4mta-wkd5

vulnerability	VCID-scar-8fh6-pkbz

vulnerability	VCID-thgd-stfh-aqce

vulnerability	VCID-ts3t-ua4s-nkbp

vulnerability	VCID-uhp8-5zvf-43eb

vulnerability	VCID-vvvm-agez-u7au

vulnerability	VCID-x7ng-n6qp-gygu

vulnerability	VCID-xmv1-fye4-buey

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.0

aliases ZF2009-01

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bvpg-158t-ekap

url VCID-dh9u-4cva-2ybr

vulnerability_id VCID-dh9u-4cva-2ybr

summary

Cross-site Scripting
Potential XSS vector in `Zend_Filter_StripTags` when comments allowed.

references

reference_url	https://framework.zend.com/security/advisory/ZF2010-03
reference_id
reference_type
scores
url	https://framework.zend.com/security/advisory/ZF2010-03

fixed_packages

url pkg:composer/zendframework/zendframework1@1.12.0

purl pkg:composer/zendframework/zendframework1@1.12.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5t8q-ezzk-puds

vulnerability	VCID-6duj-8u32-wyf8

vulnerability	VCID-6yzr-h81y-jbda

vulnerability	VCID-7tdb-2s5y-rqcz

vulnerability	VCID-8p1a-4p3e-byhq

vulnerability	VCID-8pwu-jv65-yfdk

vulnerability	VCID-b4z7-ezf5-3bhw

vulnerability	VCID-b5m8-jc12-1yc3

vulnerability	VCID-bs77-acr8-5bhv

vulnerability	VCID-dx2w-e51v-6ya7

vulnerability	VCID-ejyv-74a2-xkbd

vulnerability	VCID-f43t-79fx-mqg2

vulnerability	VCID-g93c-4kug-tbg9

vulnerability	VCID-ha1v-jhhj-xuay

vulnerability	VCID-jetd-1p57-hyh6

vulnerability	VCID-jw3c-uvru-nbh2

vulnerability	VCID-mu4w-1m4s-fqgb

vulnerability	VCID-nzjh-hsdn-73hr

vulnerability	VCID-pvs6-aj43-xue8

vulnerability	VCID-qx35-s89y-aufb

vulnerability	VCID-rbf7-4u42-yyhq

vulnerability	VCID-rnn1-91rc-ebcf

vulnerability	VCID-s5ss-4mta-wkd5

vulnerability	VCID-scar-8fh6-pkbz

vulnerability	VCID-thgd-stfh-aqce

vulnerability	VCID-ts3t-ua4s-nkbp

vulnerability	VCID-uhp8-5zvf-43eb

vulnerability	VCID-vvvm-agez-u7au

vulnerability	VCID-x7ng-n6qp-gygu

vulnerability	VCID-xmv1-fye4-buey

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.0

aliases ZF2010-03

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dh9u-4cva-2ybr

url VCID-gfbm-qrgk-dye4

vulnerability_id VCID-gfbm-qrgk-dye4

summary Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-3363

reference_id

reference_type

scores

value	0.55118
scoring_system	epss
scoring_elements	0.98101
published_at	2026-06-11T12:55:00Z

value	0.55118
scoring_system	epss
scoring_elements	0.98108
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-3363

reference_url

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/zendframework/zf1/commit/281a3251d71ed40a5289ec4afc355eea8e014dc5

reference_url

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/zendframework/zf1/commit/281a3251d71ed40a5289ec4afc355eea8e014dc5

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-3363

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-3363

reference_url

https://web.archive.org/web/20170223044943/http://www.securitytracker.com/id?1027208

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20170223044943/http://www.securitytracker.com/id?1027208

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html

reference_id

101310.html

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-16T20:38:37Z/

url

http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html

reference_id

101358.html

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-16T20:38:37Z/

url

http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html

reference_url

http://openwall.com/lists/oss-security/2013/03/25/2

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-16T20:38:37Z/

url

http://openwall.com/lists/oss-security/2013/03/25/2

reference_url

http://www.openwall.com/lists/oss-security/2012/06/26/2

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-16T20:38:37Z/

url

http://www.openwall.com/lists/oss-security/2012/06/26/2

reference_url

http://www.openwall.com/lists/oss-security/2012/06/27/2

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-16T20:38:37Z/

url

http://www.openwall.com/lists/oss-security/2012/06/27/2

reference_url

https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt

reference_id

20120626-0_zend_framework_xxe_injection.txt

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-16T20:38:37Z/

url

https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt

reference_url

http://www.openwall.com/lists/oss-security/2012/06/26/4

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-16T20:38:37Z/

url

http://www.openwall.com/lists/oss-security/2012/06/26/4

reference_url

https://moodle.org/mod/forum/discuss.php?d=225345

reference_id

discuss.php?d=225345

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-16T20:38:37Z/

url

https://moodle.org/mod/forum/discuss.php?d=225345

reference_url

http://www.debian.org/security/2012/dsa-2505

reference_id

dsa-2505

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-16T20:38:37Z/

url

http://www.debian.org/security/2012/dsa-2505

reference_url	https://github.com/advisories/GHSA-7pg4-5233-82jv
reference_id	GHSA-7pg4-5233-82jv
reference_type
scores
url	https://github.com/advisories/GHSA-7pg4-5233-82jv

reference_url

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34284

reference_id

gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34284

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-16T20:38:37Z/

url

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34284

reference_url

http://www.securitytracker.com/id?1027208

reference_id

id?1027208

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-16T20:38:37Z/

url

http://www.securitytracker.com/id?1027208

reference_url

http://framework.zend.com/security/advisory/ZF2012-01

reference_id

OSVDB-83221;CVE-2012-3363

reference_type

exploit

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-16T20:38:37Z/

url

http://framework.zend.com/security/advisory/ZF2012-01

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/19408.txt
reference_id	OSVDB-83221;CVE-2012-3363
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/19408.txt

fixed_packages

url	pkg:composer/zendframework/zendframework1@1.11.12
purl	pkg:composer/zendframework/zendframework1@1.11.12
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.11.12

url pkg:composer/zendframework/zendframework1@1.12.0

purl pkg:composer/zendframework/zendframework1@1.12.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5t8q-ezzk-puds

vulnerability	VCID-6duj-8u32-wyf8

vulnerability	VCID-6yzr-h81y-jbda

vulnerability	VCID-7tdb-2s5y-rqcz

vulnerability	VCID-8p1a-4p3e-byhq

vulnerability	VCID-8pwu-jv65-yfdk

vulnerability	VCID-b4z7-ezf5-3bhw

vulnerability	VCID-b5m8-jc12-1yc3

vulnerability	VCID-bs77-acr8-5bhv

vulnerability	VCID-dx2w-e51v-6ya7

vulnerability	VCID-ejyv-74a2-xkbd

vulnerability	VCID-f43t-79fx-mqg2

vulnerability	VCID-g93c-4kug-tbg9

vulnerability	VCID-ha1v-jhhj-xuay

vulnerability	VCID-jetd-1p57-hyh6

vulnerability	VCID-jw3c-uvru-nbh2

vulnerability	VCID-mu4w-1m4s-fqgb

vulnerability	VCID-nzjh-hsdn-73hr

vulnerability	VCID-pvs6-aj43-xue8

vulnerability	VCID-qx35-s89y-aufb

vulnerability	VCID-rbf7-4u42-yyhq

vulnerability	VCID-rnn1-91rc-ebcf

vulnerability	VCID-s5ss-4mta-wkd5

vulnerability	VCID-scar-8fh6-pkbz

vulnerability	VCID-thgd-stfh-aqce

vulnerability	VCID-ts3t-ua4s-nkbp

vulnerability	VCID-uhp8-5zvf-43eb

vulnerability	VCID-vvvm-agez-u7au

vulnerability	VCID-x7ng-n6qp-gygu

vulnerability	VCID-xmv1-fye4-buey

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.0

aliases CVE-2012-3363, GHSA-7pg4-5233-82jv

risk_score 10.0

exploitability 2.0

weighted_severity 8.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gfbm-qrgk-dye4

url VCID-k1wd-f91s-r7bk

vulnerability_id VCID-k1wd-f91s-r7bk

summary

Cross-site Scripting
Potential XSS vector in `Zend_Service_ReCaptcha_MailHide`.

references

reference_url	https://framework.zend.com/security/advisory/ZF2010-05
reference_id
reference_type
scores
url	https://framework.zend.com/security/advisory/ZF2010-05

fixed_packages

url pkg:composer/zendframework/zendframework1@1.12.0

purl pkg:composer/zendframework/zendframework1@1.12.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5t8q-ezzk-puds

vulnerability	VCID-6duj-8u32-wyf8

vulnerability	VCID-6yzr-h81y-jbda

vulnerability	VCID-7tdb-2s5y-rqcz

vulnerability	VCID-8p1a-4p3e-byhq

vulnerability	VCID-8pwu-jv65-yfdk

vulnerability	VCID-b4z7-ezf5-3bhw

vulnerability	VCID-b5m8-jc12-1yc3

vulnerability	VCID-bs77-acr8-5bhv

vulnerability	VCID-dx2w-e51v-6ya7

vulnerability	VCID-ejyv-74a2-xkbd

vulnerability	VCID-f43t-79fx-mqg2

vulnerability	VCID-g93c-4kug-tbg9

vulnerability	VCID-ha1v-jhhj-xuay

vulnerability	VCID-jetd-1p57-hyh6

vulnerability	VCID-jw3c-uvru-nbh2

vulnerability	VCID-mu4w-1m4s-fqgb

vulnerability	VCID-nzjh-hsdn-73hr

vulnerability	VCID-pvs6-aj43-xue8

vulnerability	VCID-qx35-s89y-aufb

vulnerability	VCID-rbf7-4u42-yyhq

vulnerability	VCID-rnn1-91rc-ebcf

vulnerability	VCID-s5ss-4mta-wkd5

vulnerability	VCID-scar-8fh6-pkbz

vulnerability	VCID-thgd-stfh-aqce

vulnerability	VCID-ts3t-ua4s-nkbp

vulnerability	VCID-uhp8-5zvf-43eb

vulnerability	VCID-vvvm-agez-u7au

vulnerability	VCID-x7ng-n6qp-gygu

vulnerability	VCID-xmv1-fye4-buey

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.0

aliases ZF2010-05

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k1wd-f91s-r7bk

url VCID-md6r-1q1a-cqh6

vulnerability_id VCID-md6r-1q1a-cqh6

summary

Cross-site Scripting
Potential XSS vectors due to inconsistent encodings.

references

reference_url	https://framework.zend.com/security/advisory/ZF2010-01
reference_id
reference_type
scores
url	https://framework.zend.com/security/advisory/ZF2010-01

fixed_packages

url pkg:composer/zendframework/zendframework1@1.12.0

purl pkg:composer/zendframework/zendframework1@1.12.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5t8q-ezzk-puds

vulnerability	VCID-6duj-8u32-wyf8

vulnerability	VCID-6yzr-h81y-jbda

vulnerability	VCID-7tdb-2s5y-rqcz

vulnerability	VCID-8p1a-4p3e-byhq

vulnerability	VCID-8pwu-jv65-yfdk

vulnerability	VCID-b4z7-ezf5-3bhw

vulnerability	VCID-b5m8-jc12-1yc3

vulnerability	VCID-bs77-acr8-5bhv

vulnerability	VCID-dx2w-e51v-6ya7

vulnerability	VCID-ejyv-74a2-xkbd

vulnerability	VCID-f43t-79fx-mqg2

vulnerability	VCID-g93c-4kug-tbg9

vulnerability	VCID-ha1v-jhhj-xuay

vulnerability	VCID-jetd-1p57-hyh6

vulnerability	VCID-jw3c-uvru-nbh2

vulnerability	VCID-mu4w-1m4s-fqgb

vulnerability	VCID-nzjh-hsdn-73hr

vulnerability	VCID-pvs6-aj43-xue8

vulnerability	VCID-qx35-s89y-aufb

vulnerability	VCID-rbf7-4u42-yyhq

vulnerability	VCID-rnn1-91rc-ebcf

vulnerability	VCID-s5ss-4mta-wkd5

vulnerability	VCID-scar-8fh6-pkbz

vulnerability	VCID-thgd-stfh-aqce

vulnerability	VCID-ts3t-ua4s-nkbp

vulnerability	VCID-uhp8-5zvf-43eb

vulnerability	VCID-vvvm-agez-u7au

vulnerability	VCID-x7ng-n6qp-gygu

vulnerability	VCID-xmv1-fye4-buey

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.0

aliases ZF2010-01

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-md6r-1q1a-cqh6

url VCID-nh3v-7sg8-hubs

vulnerability_id VCID-nh3v-7sg8-hubs

summary

Improper Restriction of XML External Entity Reference
Local file disclosure via XXE injection in `Zend_XmlRpc`.

references

reference_url	https://framework.zend.com/security/advisory/ZF2012-01
reference_id
reference_type
scores
url	https://framework.zend.com/security/advisory/ZF2012-01

fixed_packages

url pkg:composer/zendframework/zendframework1@1.12.0

purl pkg:composer/zendframework/zendframework1@1.12.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5t8q-ezzk-puds

vulnerability	VCID-6duj-8u32-wyf8

vulnerability	VCID-6yzr-h81y-jbda

vulnerability	VCID-7tdb-2s5y-rqcz

vulnerability	VCID-8p1a-4p3e-byhq

vulnerability	VCID-8pwu-jv65-yfdk

vulnerability	VCID-b4z7-ezf5-3bhw

vulnerability	VCID-b5m8-jc12-1yc3

vulnerability	VCID-bs77-acr8-5bhv

vulnerability	VCID-dx2w-e51v-6ya7

vulnerability	VCID-ejyv-74a2-xkbd

vulnerability	VCID-f43t-79fx-mqg2

vulnerability	VCID-g93c-4kug-tbg9

vulnerability	VCID-ha1v-jhhj-xuay

vulnerability	VCID-jetd-1p57-hyh6

vulnerability	VCID-jw3c-uvru-nbh2

vulnerability	VCID-mu4w-1m4s-fqgb

vulnerability	VCID-nzjh-hsdn-73hr

vulnerability	VCID-pvs6-aj43-xue8

vulnerability	VCID-qx35-s89y-aufb

vulnerability	VCID-rbf7-4u42-yyhq

vulnerability	VCID-rnn1-91rc-ebcf

vulnerability	VCID-s5ss-4mta-wkd5

vulnerability	VCID-scar-8fh6-pkbz

vulnerability	VCID-thgd-stfh-aqce

vulnerability	VCID-ts3t-ua4s-nkbp

vulnerability	VCID-uhp8-5zvf-43eb

vulnerability	VCID-vvvm-agez-u7au

vulnerability	VCID-x7ng-n6qp-gygu

vulnerability	VCID-xmv1-fye4-buey

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.0

aliases ZF2012-01

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nh3v-7sg8-hubs

url VCID-q8w3-x5h9-7bfp

vulnerability_id VCID-q8w3-x5h9-7bfp

summary

Cross-Site Scripting
Potential Security Issues in Bundled Dojo Library.

references

reference_url	https://framework.zend.com/security/advisory/ZF2010-06
reference_id
reference_type
scores
url	https://framework.zend.com/security/advisory/ZF2010-06

fixed_packages

url pkg:composer/zendframework/zendframework1@1.12.0

purl pkg:composer/zendframework/zendframework1@1.12.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5t8q-ezzk-puds

vulnerability	VCID-6duj-8u32-wyf8

vulnerability	VCID-6yzr-h81y-jbda

vulnerability	VCID-7tdb-2s5y-rqcz

vulnerability	VCID-8p1a-4p3e-byhq

vulnerability	VCID-8pwu-jv65-yfdk

vulnerability	VCID-b4z7-ezf5-3bhw

vulnerability	VCID-b5m8-jc12-1yc3

vulnerability	VCID-bs77-acr8-5bhv

vulnerability	VCID-dx2w-e51v-6ya7

vulnerability	VCID-ejyv-74a2-xkbd

vulnerability	VCID-f43t-79fx-mqg2

vulnerability	VCID-g93c-4kug-tbg9

vulnerability	VCID-ha1v-jhhj-xuay

vulnerability	VCID-jetd-1p57-hyh6

vulnerability	VCID-jw3c-uvru-nbh2

vulnerability	VCID-mu4w-1m4s-fqgb

vulnerability	VCID-nzjh-hsdn-73hr

vulnerability	VCID-pvs6-aj43-xue8

vulnerability	VCID-qx35-s89y-aufb

vulnerability	VCID-rbf7-4u42-yyhq

vulnerability	VCID-rnn1-91rc-ebcf

vulnerability	VCID-s5ss-4mta-wkd5

vulnerability	VCID-scar-8fh6-pkbz

vulnerability	VCID-thgd-stfh-aqce

vulnerability	VCID-ts3t-ua4s-nkbp

vulnerability	VCID-uhp8-5zvf-43eb

vulnerability	VCID-vvvm-agez-u7au

vulnerability	VCID-x7ng-n6qp-gygu

vulnerability	VCID-xmv1-fye4-buey

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.0

aliases ZF2010-06

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q8w3-x5h9-7bfp

url VCID-uncf-htp9-ykcb

vulnerability_id VCID-uncf-htp9-ykcb

summary

Cross-Site Scripting
Potential Security Issues in Bundled Dojo Library.

references

reference_url	https://framework.zend.com/security/advisory/ZF2010-07
reference_id
reference_type
scores
url	https://framework.zend.com/security/advisory/ZF2010-07

fixed_packages

url pkg:composer/zendframework/zendframework1@1.12.0

purl pkg:composer/zendframework/zendframework1@1.12.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5t8q-ezzk-puds

vulnerability	VCID-6duj-8u32-wyf8

vulnerability	VCID-6yzr-h81y-jbda

vulnerability	VCID-7tdb-2s5y-rqcz

vulnerability	VCID-8p1a-4p3e-byhq

vulnerability	VCID-8pwu-jv65-yfdk

vulnerability	VCID-b4z7-ezf5-3bhw

vulnerability	VCID-b5m8-jc12-1yc3

vulnerability	VCID-bs77-acr8-5bhv

vulnerability	VCID-dx2w-e51v-6ya7

vulnerability	VCID-ejyv-74a2-xkbd

vulnerability	VCID-f43t-79fx-mqg2

vulnerability	VCID-g93c-4kug-tbg9

vulnerability	VCID-ha1v-jhhj-xuay

vulnerability	VCID-jetd-1p57-hyh6

vulnerability	VCID-jw3c-uvru-nbh2

vulnerability	VCID-mu4w-1m4s-fqgb

vulnerability	VCID-nzjh-hsdn-73hr

vulnerability	VCID-pvs6-aj43-xue8

vulnerability	VCID-qx35-s89y-aufb

vulnerability	VCID-rbf7-4u42-yyhq

vulnerability	VCID-rnn1-91rc-ebcf

vulnerability	VCID-s5ss-4mta-wkd5

vulnerability	VCID-scar-8fh6-pkbz

vulnerability	VCID-thgd-stfh-aqce

vulnerability	VCID-ts3t-ua4s-nkbp

vulnerability	VCID-uhp8-5zvf-43eb

vulnerability	VCID-vvvm-agez-u7au

vulnerability	VCID-x7ng-n6qp-gygu

vulnerability	VCID-xmv1-fye4-buey

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.0

aliases ZF2010-07

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uncf-htp9-ykcb

url VCID-wkgj-z7us-4bdb

vulnerability_id VCID-wkgj-z7us-4bdb

summary

Improper Restriction of XML External Entity Reference
Denial of Service vector via XEE injection.

references

reference_url	https://framework.zend.com/security/advisory/ZF2012-02
reference_id
reference_type
scores
url	https://framework.zend.com/security/advisory/ZF2012-02

fixed_packages

url pkg:composer/zendframework/zendframework1@1.12.0

purl pkg:composer/zendframework/zendframework1@1.12.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5t8q-ezzk-puds

vulnerability	VCID-6duj-8u32-wyf8

vulnerability	VCID-6yzr-h81y-jbda

vulnerability	VCID-7tdb-2s5y-rqcz

vulnerability	VCID-8p1a-4p3e-byhq

vulnerability	VCID-8pwu-jv65-yfdk

vulnerability	VCID-b4z7-ezf5-3bhw

vulnerability	VCID-b5m8-jc12-1yc3

vulnerability	VCID-bs77-acr8-5bhv

vulnerability	VCID-dx2w-e51v-6ya7

vulnerability	VCID-ejyv-74a2-xkbd

vulnerability	VCID-f43t-79fx-mqg2

vulnerability	VCID-g93c-4kug-tbg9

vulnerability	VCID-ha1v-jhhj-xuay

vulnerability	VCID-jetd-1p57-hyh6

vulnerability	VCID-jw3c-uvru-nbh2

vulnerability	VCID-mu4w-1m4s-fqgb

vulnerability	VCID-nzjh-hsdn-73hr

vulnerability	VCID-pvs6-aj43-xue8

vulnerability	VCID-qx35-s89y-aufb

vulnerability	VCID-rbf7-4u42-yyhq

vulnerability	VCID-rnn1-91rc-ebcf

vulnerability	VCID-s5ss-4mta-wkd5

vulnerability	VCID-scar-8fh6-pkbz

vulnerability	VCID-thgd-stfh-aqce

vulnerability	VCID-ts3t-ua4s-nkbp

vulnerability	VCID-uhp8-5zvf-43eb

vulnerability	VCID-vvvm-agez-u7au

vulnerability	VCID-x7ng-n6qp-gygu

vulnerability	VCID-xmv1-fye4-buey

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.0

aliases ZF2012-02

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wkgj-z7us-4bdb

url VCID-wy2k-p6xh-t7av

vulnerability_id VCID-wy2k-p6xh-t7av

summary

references

reference_url

http://framework.zend.com/security/advisory/ZF2012-02

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://framework.zend.com/security/advisory/ZF2012-02

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-6532

reference_id

reference_type

scores

value	0.00474
scoring_system	epss
scoring_elements	0.65306
published_at	2026-06-12T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.65205
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-6532

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url