CVE-2015-1786

Published: 08 June 2017

Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf in Zend Framework 2.3.x before 2.3.6 via null or malformed token identifiers.

Priority

Medium

CVSS 3 base score: 8.8

Status

Notes

this issue was introduced in 2.3.

References

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1786
• http://framework.zend.com/security/advisory/ZF2015-03
• NVD
• Launchpad
• Debian