CVE-2015-1786: Cross-Site Request Forgery in Framework

Severity: 8.8 HIGH (NVD)
EPSS: 0.1% (top 70.16%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jun 8
Latest update: May 17

Description

Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf in Zend Framework 2.3.x before 2.3.6 via null or malformed token identifiers.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

Packagist | zendframework/zendframework | 2.3.0 | 2.3.6
NVD | zend/zend_framework | 6 versions (+5)

🔴 Vulnerability Details (3)

OSV: Zend Framework CSRF Vulnerability (2022-05-17)
GHSA: Zend Framework CSRF Vulnerability (2022-05-17)
CVEList: CVE-2015-1786: Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf in Zend Framework 2 (2017-06-08)

💬 Community (3)

Bugzilla: CVE-2015-1786 php-ZendFramework2: invalid CSRF validation of null or incorrectly formatted token identifiers (ZF2015-03) [fedora-all] (2015-03-31)
Bugzilla: CVE-2015-1786 php-ZendFramework2: invalid CSRF validation of null or incorrectly formatted token identifiers (ZF2015-03) [epel-all] (2015-03-31)
Bugzilla: CVE-2015-1786 php-ZendFramework2: invalid CSRF validation of null or incorrectly formatted token identifiers (ZF2015-03) (2015-03-31)