Zend Framework remote code execution vulnerability revealed

From bleepingcomputer.com

Zend Framework background

An untrusted deserialization vulnerability disclosed this week in how Zend Framework can be exploited by attackers to achieve remote code execution on PHP sites.

This vulnerability tracked as CVE-2021-3007 may also impact some instances of Laminas Project, Zend’s successor.

Zend Framework consists of PHP packages installed over 570 million times. The framework is used by developers to build object-oriented web applications.

Read more…