FreeBSD : Zend Framework -- Local File Inclusion vulnerability in Zend_View::render() (cf495fd4-fdcd-11dd-9a86-0050568452ac)
High Nessus Plugin ID 35714
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionMatthew Weier O'Phinney reports :
A potential Local File Inclusion (LFI) vulnerability exists in the Zend_View::render() method. If user input is used to specify the script path, then it is possible to trigger the LFI.
Note that Zend Framework applications that never call the Zend_View::render() method with a user-supplied parameter are not affected by this vulnerability.
SolutionUpdate the affected package.