GHSA-v42g-7q2x-cw32

Опубликовано: 07 июн. 2024

Источник: github

Github: Прошло ревью

CVSS3: 9.8

Описание

Zendframework1 potential SQL injection vector using null byte for PDO (MsSql, SQLite)

The PDO adapters of Zend Framework 1 do not filter null bytes values in SQL statements. A PDO adapter can treat null bytes in a query as a string terminator, allowing an attacker to add arbitrary SQL following a null byte, and thus create a SQL injection.

We tested and verified the null byte injection using pdo_dblib (FreeTDS) on a Linux environment to access a remote Microsoft SQL Server, and also tested against and noted the vector against pdo_sqlite.

Ссылки

https://framework.zend.com/security/advisory/ZF2015-08
https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/ZF2015-08.yaml

Пакеты

Наименование

zendframework/zendframework1

composer

Затронутые версииВерсия исправления

>= 1.12.0, < 1.12.16

1.12.16

9.8 Critical

CVSS3

Дефекты

CWE-89

9.8 Critical

CVSS3

Дефекты

CWE-89