Information Disclosure in Zend Framework by Zend Server CE
CVE-2011-3825

Currently unrated

Key Information:

Vendor: Zend
Status: Framework; Server
Vendor: CVE Published:; 24 September 2011

What is CVE-2011-3825?

A vulnerability in Zend Framework 1.11.3 utilized by Zend Server CE 5.1.0 allows remote attackers to gain access to sensitive information. By making direct requests to certain .php files, such as Validate.php, attackers can trigger error messages that disclose the installation path of the application, potentially exposing it to further manipulation or exploitation.

References

http://code.google.com/p/inspathx/source/browse/trunk/pat...

x_refsource_MISC

http://www.openwall.com/lists/oss-security/2011/06/27/6

mailing-listx_refsource_MLIST

http://code.google.com/p/inspathx/source/browse/trunk/pat...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Sep 24, 2011