CVE-2009-4417: Zend Framework vulnerability

CWE-264 | 2 documents | 2 sources
Severity: 5.0 MEDIUM (NVD)
EPSS: 0.3% (top 51.72%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Dec 24
Latest update: May 2

Description

The shutdown function in the Zend_Log_Writer_Mail class in Zend Framework (ZF) allows context-dependent attackers to send arbitrary e-mail messages to any recipient address via vectors related to "events not yet mailed."

CVSS vector

AV:N/AC:L/C:N/I:P/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages (1 package)

NVD: zend/framework 1.9.6 +44

Vulnerability Details

GHSA (1)
GHSA-m29x-48p8-pr8r (2022-05-02): The shutdown function in the Zend_Log_Writer_Mail class in Zend Framework (ZF) allows context-dependent attackers to send arbitrary e-mail messages to
CVE-2009-4417 — Zend Framework vulnerability | cvebase