CVE-2020-8984
Summary
| CVE | CVE-2020-8984 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-03-24 21:15:00 UTC |
| Updated | 2020-03-27 17:39:00 UTC |
| Description | lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta allowed IP address spoofing via the X-Forwarded-For header. |
Risk And Classification
Problem Types: CWE-346
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Zend | Zendto | 3.10 | All | All | All |
| Application | Zend | Zendto | 3.11 | All | All | All |
| Application | Zend | Zendto | 3.12 | All | All | All |
| Application | Zend | Zendto | 3.13 | All | All | All |
| Application | Zend | Zendto | 3.20 | All | All | All |
| Application | Zend | Zendto | 3.51 | All | All | All |
| Application | Zend | Zendto | 3.52 | All | All | All |
| Application | Zend | Zendto | 3.53 | All | All | All |
| Application | Zend | Zendto | 3.54 | All | All | All |
| Application | Zend | Zendto | 3.55 | All | All | All |
| Application | Zend | Zendto | 3.56-2 | All | All | All |
| Application | Zend | Zendto | 3.57 | All | All | All |
| Application | Zend | Zendto | 3.58 | All | All | All |
| Application | Zend | Zendto | 3.59 | All | All | All |
| Application | Zend | Zendto | 3.60 | All | All | All |
| Application | Zend | Zendto | 3.61 | All | All | All |
| Application | Zend | Zendto | 3.62 | All | All | All |
| Application | Zend | Zendto | 3.63 | All | All | All |
| Application | Zend | Zendto | 3.64 | All | All | All |
| Application | Zend | Zendto | 3.65 | All | All | All |
| Application | Zend | Zendto | 3.70-2 | All | All | All |
| Application | Zend | Zendto | 3.71 | All | All | All |
| Application | Zend | Zendto | 3.72 | All | All | All |
| Application | Zend | Zendto | 3.73 | All | All | All |
| Application | Zend | Zendto | 3.74 | All | All | All |
| Application | Zend | Zendto | 3.75 | All | All | All |
| Application | Zend | Zendto | 3.90 | All | All | All |
| Application | Zend | Zendto | 3.91 | All | All | All |
| Application | Zend | Zendto | 3.92 | All | All | All |
| Application | Zend | Zendto | 3.93 | All | All | All |
| Application | Zend | Zendto | 3.94 | All | All | All |
| Application | Zend | Zendto | 4.00 | All | All | All |
| Application | Zend | Zendto | 4.01 | All | All | All |
| Application | Zend | Zendto | 4.02 | All | All | All |
| Application | Zend | Zendto | 4.03-3 | All | All | All |
| Application | Zend | Zendto | 4.05-2 | All | All | All |
| Application | Zend | Zendto | 4.06-2 | All | All | All |
| Application | Zend | Zendto | 4.07-1 | All | All | All |
| Application | Zend | Zendto | 4.08-4 | All | All | All |
| Application | Zend | Zendto | 4.09-1 | All | All | All |
| Application | Zend | Zendto | 4.10-4 | All | All | All |
| Application | Zend | Zendto | 4.10-5 | All | All | All |
| Application | Zend | Zendto | 4.11-1 | All | All | All |
| Application | Zend | Zendto | 4.11-10 | All | All | All |
| Application | Zend | Zendto | 4.11-11 | All | All | All |
| Application | Zend | Zendto | 4.11-12 | All | All | All |
| Application | Zend | Zendto | 4.11-13 | All | All | All |
| Application | Zend | Zendto | 4.11-14 | All | All | All |
| Application | Zend | Zendto | 4.11-2 | All | All | All |
| Application | Zend | Zendto | 4.11-3 | All | All | All |
| Application | Zend | Zendto | 4.11-4 | All | All | All |
| Application | Zend | Zendto | 4.11-5 | All | All | All |
| Application | Zend | Zendto | 4.11-7 | All | All | All |
| Application | Zend | Zendto | 4.11-8 | All | All | All |
| Application | Zend | Zendto | 4.11-9 | All | All | All |
| Application | Zend | Zendto | 4.12-5 | All | All | All |
| Application | Zend | Zendto | 4.12-6 | All | All | All |
| Application | Zend | Zendto | 4.13-1 | All | All | All |
| Application | Zend | Zendto | 4.20-2 | All | All | All |
| Application | Zend | Zendto | 4.20-3 | All | All | All |
| Application | Zend | Zendto | 4.20-5 | All | All | All |
| Application | Zend | Zendto | 4.20-6 | All | All | All |
| Application | Zend | Zendto | 4.20-7 | All | All | All |
| Application | Zend | Zendto | 4.25-3 | All | All | All |
| Application | Zend | Zendto | 4.27-1 | All | All | All |
| Application | Zend | Zendto | 4.27-2 | All | All | All |
| Application | Zend | Zendto | 4.27-4 | All | All | All |
| Application | Zend | Zendto | 4.27-5 | All | All | All |
| Application | Zend | Zendto | 4.27-6 | All | All | All |
| Application | Zend | Zendto | 4.27-7 | All | All | All |
| Application | Zend | Zendto | 4.28-1 | All | All | All |
| Application | Zend | Zendto | 4.28-2 | All | All | All |
| Application | Zend | Zendto | 5.00-1 | All | All | All |
| Application | Zend | Zendto | 5.00-2 | All | All | All |
| Application | Zend | Zendto | 5.01-5 | All | All | All |
| Application | Zend | Zendto | 5.02-5 | All | All | All |
| Application | Zend | Zendto | 5.03-1 | All | All | All |
| Application | Zend | Zendto | 5.04-7 | All | All | All |
| Application | Zend | Zendto | 5.09-13 | All | All | All |
| Application | Zend | Zendto | 5.10-1 | All | All | All |
| Application | Zend | Zendto | 5.10-2 | All | All | All |
| Application | Zend | Zendto | 5.11-1 | All | All | All |
| Application | Zend | Zendto | 5.11-2 | All | All | All |
| Application | Zend | Zendto | 5.11-3 | All | All | All |
| Application | Zend | Zendto | 5.11-4 | All | All | All |
| Application | Zend | Zendto | 5.11-5 | All | All | All |
| Application | Zend | Zendto | 5.11-6 | All | All | All |
| Application | Zend | Zendto | 5.12-3 | beta | All | All |
| Application | Zend | Zendto | 5.12-4 | beta | All | All |
| Application | Zend | Zendto | 5.12-6 | beta | All | All |
| Application | Zend | Zendto | 5.12-7 | beta | All | All |
| Application | Zend | Zendto | 5.12-8 | beta | All | All |
| Application | Zend | Zendto | 5.13-1 | All | All | All |
| Application | Zend | Zendto | 5.13-2 | All | All | All |
| Application | Zend | Zendto | 5.14-2 | beta | All | All |
| Application | Zend | Zendto | 5.14-5 | beta | All | All |
| Application | Zend | Zendto | 5.15-1 | All | All | All |
| Application | Zend | Zendto | 5.16-1 | beta | All | All |
| Application | Zend | Zendto | 5.16-4 | beta | All | All |
| Application | Zend | Zendto | 5.16-5 | beta | All | All |
| Application | Zend | Zendto | 5.16-7 | beta | All | All |
| Application | Zend | Zendto | 5.16-8 | beta | All | All |
| Application | Zend | Zendto | 5.16.6 | beta | All | All |
| Application | Zend | Zendto | 5.17-1 | All | All | All |
| Application | Zend | Zendto | 5.17-2 | All | All | All |
| Application | Zend | Zendto | 5.17-3 | All | All | All |
| Application | Zend | Zendto | 5.17-4 | All | All | All |
| Application | Zend | Zendto | 5.17-5 | beta | All | All |
| Application | Zend | Zendto | 5.17-6 | All | All | All |
| Application | Zend | Zendto | 5.18-1 | beta | All | All |
| Application | Zend | Zendto | 5.18-2 | beta | All | All |
| Application | Zend | Zendto | 5.19-1 | production | All | All |
| Application | Zend | Zendto | 5.20-1 | beta | All | All |
| Application | Zend | Zendto | 5.20-2 | beta | All | All |
| Application | Zend | Zendto | 5.20-3 | beta | All | All |
| Application | Zend | Zendto | 5.20-5 | beta | All | All |
| Application | Zend | Zendto | 5.20-6 | beta | All | All |
| Application | Zend | Zendto | 5.20-7 | beta | All | All |
| Application | Zend | Zendto | 5.20-8 | beta | All | All |
| Application | Zend | Zendto | 5.20-9 | beta | All | All |
| Application | Zend | Zendto | 5.21-1 | production | All | All |
| Application | Zend | Zendto | 5.21-2 | production | All | All |
| Application | Zend | Zendto | 5.22-1 | beta | All | All |
| Application | Zend | Zendto | 3.10 | All | All | All |
| Application | Zend | Zendto | 3.11 | All | All | All |
| Application | Zend | Zendto | 3.12 | All | All | All |
| Application | Zend | Zendto | 3.13 | All | All | All |
| Application | Zend | Zendto | 3.20 | All | All | All |
| Application | Zend | Zendto | 3.51 | All | All | All |
| Application | Zend | Zendto | 3.52 | All | All | All |
| Application | Zend | Zendto | 3.53 | All | All | All |
| Application | Zend | Zendto | 3.54 | All | All | All |
| Application | Zend | Zendto | 3.55 | All | All | All |
| Application | Zend | Zendto | 3.56-2 | All | All | All |
| Application | Zend | Zendto | 3.57 | All | All | All |
| Application | Zend | Zendto | 3.58 | All | All | All |
| Application | Zend | Zendto | 3.59 | All | All | All |
| Application | Zend | Zendto | 3.60 | All | All | All |
| Application | Zend | Zendto | 3.61 | All | All | All |
| Application | Zend | Zendto | 3.62 | All | All | All |
| Application | Zend | Zendto | 3.63 | All | All | All |
| Application | Zend | Zendto | 3.64 | All | All | All |
| Application | Zend | Zendto | 3.65 | All | All | All |
| Application | Zend | Zendto | 3.70-2 | All | All | All |
| Application | Zend | Zendto | 3.71 | All | All | All |
| Application | Zend | Zendto | 3.72 | All | All | All |
| Application | Zend | Zendto | 3.73 | All | All | All |
| Application | Zend | Zendto | 3.74 | All | All | All |
| Application | Zend | Zendto | 3.75 | All | All | All |
| Application | Zend | Zendto | 3.90 | All | All | All |
| Application | Zend | Zendto | 3.91 | All | All | All |
| Application | Zend | Zendto | 3.92 | All | All | All |
| Application | Zend | Zendto | 3.93 | All | All | All |
| Application | Zend | Zendto | 3.94 | All | All | All |
| Application | Zend | Zendto | 4.00 | All | All | All |
| Application | Zend | Zendto | 4.01 | All | All | All |
| Application | Zend | Zendto | 4.02 | All | All | All |
| Application | Zend | Zendto | 4.03-3 | All | All | All |
| Application | Zend | Zendto | 4.05-2 | All | All | All |
| Application | Zend | Zendto | 4.06-2 | All | All | All |
| Application | Zend | Zendto | 4.07-1 | All | All | All |
| Application | Zend | Zendto | 4.08-4 | All | All | All |
| Application | Zend | Zendto | 4.09-1 | All | All | All |
| Application | Zend | Zendto | 4.10-4 | All | All | All |
| Application | Zend | Zendto | 4.10-5 | All | All | All |
| Application | Zend | Zendto | 4.11-1 | All | All | All |
| Application | Zend | Zendto | 4.11-10 | All | All | All |
| Application | Zend | Zendto | 4.11-11 | All | All | All |
| Application | Zend | Zendto | 4.11-12 | All | All | All |
| Application | Zend | Zendto | 4.11-13 | All | All | All |
| Application | Zend | Zendto | 4.11-14 | All | All | All |
| Application | Zend | Zendto | 4.11-2 | All | All | All |
| Application | Zend | Zendto | 4.11-3 | All | All | All |
| Application | Zend | Zendto | 4.11-4 | All | All | All |
| Application | Zend | Zendto | 4.11-5 | All | All | All |
| Application | Zend | Zendto | 4.11-7 | All | All | All |
| Application | Zend | Zendto | 4.11-8 | All | All | All |
| Application | Zend | Zendto | 4.11-9 | All | All | All |
| Application | Zend | Zendto | 4.12-5 | All | All | All |
| Application | Zend | Zendto | 4.12-6 | All | All | All |
| Application | Zend | Zendto | 4.13-1 | All | All | All |
| Application | Zend | Zendto | 4.20-2 | All | All | All |
| Application | Zend | Zendto | 4.20-3 | All | All | All |
| Application | Zend | Zendto | 4.20-5 | All | All | All |
| Application | Zend | Zendto | 4.20-6 | All | All | All |
| Application | Zend | Zendto | 4.20-7 | All | All | All |
| Application | Zend | Zendto | 4.25-3 | All | All | All |
| Application | Zend | Zendto | 4.27-1 | All | All | All |
| Application | Zend | Zendto | 4.27-2 | All | All | All |
| Application | Zend | Zendto | 4.27-4 | All | All | All |
| Application | Zend | Zendto | 4.27-5 | All | All | All |
| Application | Zend | Zendto | 4.27-6 | All | All | All |
| Application | Zend | Zendto | 4.27-7 | All | All | All |
| Application | Zend | Zendto | 4.28-1 | All | All | All |
| Application | Zend | Zendto | 4.28-2 | All | All | All |
| Application | Zend | Zendto | 5.00-1 | All | All | All |
| Application | Zend | Zendto | 5.00-2 | All | All | All |
| Application | Zend | Zendto | 5.01-5 | All | All | All |
| Application | Zend | Zendto | 5.02-5 | All | All | All |
| Application | Zend | Zendto | 5.03-1 | All | All | All |
| Application | Zend | Zendto | 5.04-7 | All | All | All |
| Application | Zend | Zendto | 5.09-13 | All | All | All |
| Application | Zend | Zendto | 5.10-1 | All | All | All |
| Application | Zend | Zendto | 5.10-2 | All | All | All |
| Application | Zend | Zendto | 5.11-1 | All | All | All |
| Application | Zend | Zendto | 5.11-2 | All | All | All |
| Application | Zend | Zendto | 5.11-3 | All | All | All |
| Application | Zend | Zendto | 5.11-4 | All | All | All |
| Application | Zend | Zendto | 5.11-5 | All | All | All |
| Application | Zend | Zendto | 5.11-6 | All | All | All |
| Application | Zend | Zendto | 5.12-3 | beta | All | All |
| Application | Zend | Zendto | 5.12-4 | beta | All | All |
| Application | Zend | Zendto | 5.12-6 | beta | All | All |
| Application | Zend | Zendto | 5.12-7 | beta | All | All |
| Application | Zend | Zendto | 5.12-8 | beta | All | All |
| Application | Zend | Zendto | 5.13-1 | All | All | All |
| Application | Zend | Zendto | 5.13-2 | All | All | All |
| Application | Zend | Zendto | 5.14-2 | beta | All | All |
| Application | Zend | Zendto | 5.14-5 | beta | All | All |
| Application | Zend | Zendto | 5.15-1 | All | All | All |
| Application | Zend | Zendto | 5.16-1 | beta | All | All |
| Application | Zend | Zendto | 5.16-4 | beta | All | All |
| Application | Zend | Zendto | 5.16-5 | beta | All | All |
| Application | Zend | Zendto | 5.16-7 | beta | All | All |
| Application | Zend | Zendto | 5.16-8 | beta | All | All |
| Application | Zend | Zendto | 5.16.6 | beta | All | All |
| Application | Zend | Zendto | 5.17-1 | All | All | All |
| Application | Zend | Zendto | 5.17-2 | All | All | All |
| Application | Zend | Zendto | 5.17-3 | All | All | All |
| Application | Zend | Zendto | 5.17-4 | All | All | All |
| Application | Zend | Zendto | 5.17-5 | beta | All | All |
| Application | Zend | Zendto | 5.17-6 | All | All | All |
| Application | Zend | Zendto | 5.18-1 | beta | All | All |
| Application | Zend | Zendto | 5.18-2 | beta | All | All |
| Application | Zend | Zendto | 5.19-1 | production | All | All |
| Application | Zend | Zendto | 5.20-1 | beta | All | All |
| Application | Zend | Zendto | 5.20-2 | beta | All | All |
| Application | Zend | Zendto | 5.20-3 | beta | All | All |
| Application | Zend | Zendto | 5.20-5 | beta | All | All |
| Application | Zend | Zendto | 5.20-6 | beta | All | All |
| Application | Zend | Zendto | 5.20-7 | beta | All | All |
| Application | Zend | Zendto | 5.20-8 | beta | All | All |
| Application | Zend | Zendto | 5.20-9 | beta | All | All |
| Application | Zend | Zendto | 5.21-1 | production | All | All |
| Application | Zend | Zendto | 5.21-2 | production | All | All |
| Application | Zend | Zendto | 5.22-1 | beta | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| ::: Official Home Page for ZendTo - Web-Based File Transfer ::: | MISC | zend.to | Release Notes, Vendor Advisory |
| [ZendTo] New beta release 5.22-2 | MISC | jul.es | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.