Zend Framework / zend-mail < 2.4.11 Remote Code Execution (CVE-2016-10034)

Posted by Dawid Golunski on Jan 03

Zend Framework < 2.4.11 Remote Code Execution (CVE-2016-10034)
zend-mail < 2.7.2

Discovered by Dawid Golunski (@dawid_golunski)
https://legalhackers.com

Desc:
Independent research uncovered a critical vulnerability in zend-mail, a
Zend Framework component, that could potentially be used by (unauthenticated)
remote attackers to achieve remote arbitrary code execution in the context
of the web server user and remotely compromise…
