Laminas Project laminas-http before 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Deserialization
RCE
PHP
Laminas Http
Zend Framework
NVD
GitHub
CVSS 3.1
9.8
EPSS
75.3%