FreeBSD : Zend Framework -- Local File Inclusion vulnerability in Zend_View::render() (cf495fd4-fdcd-11dd-9a86-0050568452ac)

This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Matthew Weier O'Phinney reports :

A potential Local File Inclusion (LFI) vulnerability exists in the
Zend_View::render() method. If user input is used to specify the
script path, then it is possible to trigger the LFI.

Note that Zend Framework applications that never call the
Zend_View::render() method with a user-supplied parameter are not
affected by this vulnerability.

See also :

Solution :

Update the affected package.

Risk factor :


Family: FreeBSD Local Security Checks

Nessus Plugin ID: 35714 (freebsd_pkg_cf495fd4fdcd11dd9a860050568452ac.nasl)

Bugtraq ID:


Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now