GHSA-2hvh-c5c2-vj85

Suggest an improvement
Source
https://github.com/advisories/GHSA-2hvh-c5c2-vj85
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-2hvh-c5c2-vj85/GHSA-2hvh-c5c2-vj85.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-2hvh-c5c2-vj85
Aliases
  • CVE-2015-7695
Published
2022-05-17T03:44:23Z
Modified
2024-04-23T23:27:11.606527Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Zend Framework SQL injection vector using null byte for PDO
Details

The PDO adapters in Zend Framework before 1.12.16 do not filer null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands via a crafted query.

Database specific
{
    "nvd_published_at": "2016-06-07T14:06:00Z",
    "cwe_ids": [
        "CWE-89"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-23T23:11:47Z"
}
References

Affected packages

Packagist / zendframework/zendframework1

Package

Name
zendframework/zendframework1
Purl
pkg:composer/zendframework/zendframework1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.12.16

Affected versions

1.*

1.12.0
1.12.1
1.12.2
1.12.3
1.12.4
1.12.5
1.12.6
1.12.7
1.12.8
1.12.9
1.12.10
1.12.11
1.12.12
1.12.13
1.12.14
1.12.15