Zend Server vulnerabilities
3 known vulnerabilities affecting zend/zend_server.
Total CVEs: 3
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 1, MEDIUM 2
Vulnerabilities
CVE-2018-10230 | P3 | MEDIUM | CVSS 6.1 | PoC | fixed in 9.1.3 | 2018-04-19
CWE-79
Zend Debugger in Zend Server before 9.1.3 has XSS, aka ZSR-2455.
nvd
CVE-2024-9129 | P3 | CRITICAL | CVSS 9.3 | ≥ 8.5, < 9.1 | 2024-10-22
CWE-134
In versions of Zend Server 8.5 and prior to version 9.2 a format string injection was discovered.
Reported by Dylan Marino
nvd
CVE-2012-5382 | P4 | MEDIUM | CVSS 6.0 | PoC | v5.6.0 | 2012-10-11
Untrusted search path vulnerability in the installation functionality in Zend Server 5.6.0 SP4, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\Zend\ZendServer\share\ZendFramework\bin directory, which may be added to the PATH system environment variable by an administrator, as demonstr
nvd