Arbitrary Email Sending Vulnerability in Zend Framework by Zend Technologies
CVE-2009-4417

Currently unrated

Key Information:

Vendor: Zend

Status
Vendor
CVE Published: 24 December 2009

What is CVE-2009-4417?

The shutdown function in the Zend_Log_Writer_Mail class in Zend Framework has a flaw that allows context-dependent attackers to send unauthorized email messages to any recipient. The attack vectors are related to 'events not yet mailed', potentially compromising email integrity and causing privacy issues for users. Proper security measures and updates are essential to mitigate this risk.

Timeline

  • Vulnerability Reserved

  • Vulnerability published
