GHSA-qh9w-r7g5-q939

Source

https://github.com/advisories/GHSA-qh9w-r7g5-q939

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-qh9w-r7g5-q939/GHSA-qh9w-r7g5-q939.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-qh9w-r7g5-q939

Aliases

CVE-2014-8089

Published

2024-04-23T22:39:03Z

Modified

2024-04-23T23:26:46.881388Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Zend Framework SQL injection vulnerability

Details

SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte.

Database specific

{
    "github_reviewed_at": "2024-04-23T22:39:03Z",
    "cwe_ids": [
        "CWE-89"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "nvd_published_at": "2020-02-17T22:15:00Z"
}

References

Affected packages

Packagist

zendframework/zendframework1

Package

Name: zendframework/zendframework1
Purl: pkg:composer/zendframework/zendframework1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.12.0

Fixed

1.12.9

Affected versions

1.*

1.12.0

1.12.1

1.12.2

1.12.3

1.12.4

1.12.5

1.12.6

1.12.7

1.12.8

zendframework/zend-db

Package

Name: zendframework/zend-db
Purl: pkg:composer/zendframework/zend-db

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.0.0

Fixed

2.0.99

Affected versions

2.*

2.0.3

2.0.4

2.0.5

2.0.6

2.0.7

2.0.8

zendframework/zend-db

Package

Name: zendframework/zend-db
Purl: pkg:composer/zendframework/zend-db

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.1.0

Fixed

2.1.99

Affected versions

2.*

2.1.0

2.1.1

2.1.2

2.1.3

2.1.4

2.1.5

2.1.6

zendframework/zend-db

Package

Name: zendframework/zend-db
Purl: pkg:composer/zendframework/zend-db

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.2.0

Fixed

2.2.8

Affected versions

2.*

2.2.0

2.2.1

2.2.2

2.2.3

2.2.4

2.2.5

2.2.6

2.2.7

zendframework/zend-db

Package

Name: zendframework/zend-db
Purl: pkg:composer/zendframework/zend-db

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.3.0

Fixed

2.3.3

Affected versions

2.*

2.3.0

2.3.1

2.3.2

zendframework/zendframework

Package

Name: zendframework/zendframework
Purl: pkg:composer/zendframework/zendframework

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.0.0

Fixed

2.0.99

Affected versions

2.*

2.0.0

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

2.0.6

2.0.7

2.0.8

zendframework/zendframework

Package

Name: zendframework/zendframework
Purl: pkg:composer/zendframework/zendframework

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.1.0

Fixed

2.1.99

Affected versions

2.*

2.1.0

2.1.1

2.1.2

2.1.3

2.1.4

2.1.5

2.1.6

zendframework/zendframework

Package

Name: zendframework/zendframework
Purl: pkg:composer/zendframework/zendframework

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.2.0

Fixed

2.2.8

Affected versions

2.*

2.2.0

2.2.1

2.2.2

2.2.3

2.2.4

2.2.5

2.2.6

2.2.7

zendframework/zendframework

Package

Name: zendframework/zendframework
Purl: pkg:composer/zendframework/zendframework

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.3.0

Fixed

2.3.3

Affected versions

2.*

2.3.0

2.3.1

2.3.2