Remote Code Execution Vulnerability in Zend Framework
CVE-2020-29312

9.8 CRITICAL

Key Information:

Vendor

Zend

CVE Published:
4 April 2023

What is CVE-2020-29312?

A vulnerability in Zend Framework allows a remote attacker to execute arbitrary code through the unserialize function. The issue affects versions up to 3.1.3. The framework was deprecated in early 2020, which leaves affected systems vulnerable to exploitation. Third parties have disputed the report's completeness and accuracy, but the vulnerability still underscores the importance of regular software updates, security reviews, and vigilance in web application security.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
