CVE-2015-1786

NONE EPSS 46.9%
Published Jun 8, 20179y ago ยท Modified Jun 17, 20262w ago
Find Similar
Published Jun 8, 2017 9y ago
Last Modified Jun 17, 2026 2w ago

Description

Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf in Zend Framework 2.3.x before 2.3.6 via null or malformed token identifiers.

Threat Intelligence

EPSS Exploit Probability
46.9% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-352 Cross-Site Request Forgery (CSRF) Authentication

Affected Products 6

VendorProductVersionRange
zendzend_framework2.3.0any
zendzend_framework2.3.1any
zendzend_framework2.3.2any
zendzend_framework2.3.3any
zendzend_framework2.3.4any
zendzend_framework2.3.5any

References 2

  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1207781
    Issue TrackingThird Party AdvisoryVDB Entry
  • framework.zend.com https://framework.zend.com/changelog/2.3.6
    Release NotesVendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.