From bleepingcomputer.com
An untrusted deserialization vulnerability disclosed this week in how Zend Framework can be exploited by attackers to achieve remote code execution on PHP sites.
This vulnerability tracked as CVE-2021-3007 may also impact some instances of Laminas Project, Zend’s successor.
Zend Framework consists of PHP packages installed over 570 million times. The framework is used by developers to build object-oriented web applications.