Description
The PDO adapters in Zend Framework before 1.12.16 do not filter null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands via a crafted query.
Packages
Package | Status | Fixed version | Release | Type |
---|---|---|---|---|
zendframework | fixed | 1.12.16+dfsg-1 | | package |
Notes
http://framework.zend.com/security/advisory/ZF2015-08
https://github.com/zendframework/zf1/commit/2ac9c30f73ec2e6235c602bed745749a551b4fe2
EPSS
Percentile: 78%
0.01232
Low
Related vulnerabilities
CVSS3: 9.8
ubuntu
more than 9 years ago
The PDO adapters in Zend Framework before 1.12.16 do not filter null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands via a crafted query.
CVSS3: 9.8
nvd
more than 9 years ago
The PDO adapters in Zend Framework before 1.12.16 do not filter null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands via a crafted query.
CVSS3: 9.8
github
more than 3 years ago
Zend Framework SQL injection vector using null byte for PDO