Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Zend Framework ‘Zend_XmlRpc’类信息泄露漏洞
Vulnerability Description
Zend Framework(ZF)是美国Zend公司开发的一套开源的PHP5开发框架,它主要用于开发Web程序和服务。 Zend Framework 1.11.13之前的1.x版本以及1.12.0之前的1.12.x版本中的Zend_XmlRpc中存在漏洞。通过XML-RPC请求中的DOCTYPE元素中的外部实体引用,远程攻击者可利用该漏洞读取任意文件或创建多个TCP连接。
CVSS Information
N/A
Vulnerability Type
N/A