GHSA-qh9w-r7g5-q939

Source

https://github.com/advisories/GHSA-qh9w-r7g5-q939

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-qh9w-r7g5-q939/GHSA-qh9w-r7g5-q939.json

Aliases

CVE-2014-8089

Published

2024-04-23T22:39:03Z

Modified

2024-04-23T23:26:46.881388Z

Details

SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte.

References

Affected packages

Packagist / zendframework/zendframework1

Package

Name: zendframework/zendframework1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.12.0

Fixed

1.12.9

Affected versions

1.*

1.12.0

1.12.1

1.12.2

1.12.3

1.12.4

1.12.5

1.12.6

1.12.7

1.12.8

Packagist / zendframework/zend-db

Package

Name: zendframework/zend-db

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.0.0

Fixed

2.0.99

Affected versions

2.*

2.0.3

2.0.4

2.0.5

2.0.6

2.0.7

2.0.8

Packagist / zendframework/zend-db

Package

Name: zendframework/zend-db

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.1.0

Fixed

2.1.99

Affected versions

2.*

2.1.0

2.1.1

2.1.2

2.1.3

2.1.4

2.1.5

2.1.6

Packagist / zendframework/zend-db

Package

Name: zendframework/zend-db

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.2.0

Fixed

2.2.8

Affected versions

2.*

2.2.0

2.2.1

2.2.2

2.2.3

2.2.4

2.2.5

2.2.6

2.2.7

Packagist / zendframework/zend-db

Package

Name: zendframework/zend-db

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.3.0

Fixed

2.3.3

Affected versions

2.*

2.3.0

2.3.1

2.3.2

Packagist / zendframework/zendframework

Package

Name: zendframework/zendframework

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.0.0

Fixed

2.0.99

Affected versions

2.*

2.0.0

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

2.0.6

2.0.7

2.0.8

Packagist / zendframework/zendframework

Package

Name: zendframework/zendframework

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.1.0

Fixed

2.1.99

Affected versions

2.*

2.1.0

2.1.1

2.1.2

2.1.3

2.1.4

2.1.5

2.1.6

Packagist / zendframework/zendframework

Package

Name: zendframework/zendframework

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.2.0

Fixed

2.2.8

Affected versions

2.*

2.2.0

2.2.1

2.2.2

2.2.3

2.2.4

2.2.5

2.2.6

2.2.7

Packagist / zendframework/zendframework

Package

Name: zendframework/zendframework

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.3.0

Fixed

2.3.3

Affected versions

2.*

2.3.0

2.3.1

2.3.2