cbcvebase.
CVE-2009-4417
published 2009-12-24

CVE-2009-4417: The shutdown function in the Zend_Log_Writer_Mail class in Zend Framework (ZF) allows context-dependent attackers to send arbitrary e-mail messages to any…

PriorityP420medium5CVSS 2.0
AVNACLAuNCNIPAN
EPSS
0.86%
53.9th percentile
The shutdown function in the Zend_Log_Writer_Mail class in Zend Framework (ZF) allows context-dependent attackers to send arbitrary e-mail messages to any recipient address via vectors related to "events not yet mailed."

Affected

45 ranges· showing 25
VendorProductVersion rangeFixed in
zendframework<= 1.9.6
zendframework
zendframework
zendframework
zendframework
zendframework
zendframework
zendframework
zendframework
zendframework
zendframework
zendframework
zendframework
zendframework
zendframework
zendframework
zendframework
zendframework
zendframework
zendframework
zendframework
zendframework
zendframework
zendframework
zendframework
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.