XML External Entity (XXE) and XML Entity Expansion (XEE) Vulnerability in ZendXml and Zend Framework

CVE-2015-5161 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

The Zend_Xml_Security::scan method in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity (XXE) and XML entity expansion (XEE) attacks via multibyte-encoded characters.
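The following is an added example, not code from ZendXml or Zend Framework. It shows why a check that searches raw bytes for DTD markup misses the same markup in a multibyte encoding, next to a check that decodes first and fails closed. It assumes the weak check is a plain substring search, which this page does not state; all function names and the sample document are constructed for illustration.

```python
import codecs
import re

# Constructed sample: one DTD-bearing document, serialized two ways.
DOC = '<?xml version="1.0"?><!DOCTYPE r [<!ENTITY e "x">]><r>&e;</r>'
SAMPLE_UTF8 = DOC.encode("utf-8")
SAMPLE_UTF16 = codecs.BOM_UTF16_LE + DOC.encode("utf-16-le")

def naive_scan(raw: bytes) -> bool:
    """Assumed weak check: ASCII byte search on the undecoded input."""
    return b"<!ENTITY" in raw

# UTF-32 first: its LE BOM begins with the UTF-16 LE BOM bytes.
SIGNATURES = [
    (codecs.BOM_UTF32_LE, "utf-32-le", 4), (codecs.BOM_UTF32_BE, "utf-32-be", 4),
    (codecs.BOM_UTF8, "utf-8", 3),
    (codecs.BOM_UTF16_LE, "utf-16-le", 2), (codecs.BOM_UTF16_BE, "utf-16-be", 2),
    # No BOM: infer the encoding from how the leading "<" is laid out.
    (b"<\x00\x00\x00", "utf-32-le", 0), (b"\x00\x00\x00<", "utf-32-be", 0),
    (b"<\x00", "utf-16-le", 0), (b"\x00<", "utf-16-be", 0),
]
ASCII_COMPATIBLE = {"utf-8", "us-ascii", "ascii", "iso-8859-1"}
DECL = re.compile(rb'<\?xml[^>]*?encoding\s*=\s*["\']([A-Za-z0-9._-]+)["\']')

def decode_xml(raw: bytes):
    """Return the document as text, or None if the encoding is not trusted."""
    for sig, name, skip in SIGNATURES:
        if raw.startswith(sig):
            break
    else:
        # ASCII-compatible layout: accept only a matching declared encoding.
        m = DECL.match(raw)
        name, skip = (m.group(1).decode("ascii").lower() if m else "utf-8"), 0
        if name not in ASCII_COMPATIBLE:
            return None  # declaration contradicts the byte layout
    try:
        return raw[skip:].decode(name)
    except UnicodeDecodeError:
        return None

def hardened_scan(raw: bytes) -> bool:
    """True means reject: undecodable input or any DTD markup."""
    text = decode_xml(raw)
    return text is None or "<!DOCTYPE" in text or "<!ENTITY" in text
```

Decoding before scanning is still a heuristic; configuring the XML parser itself not to load or expand entities is the stronger control.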
