Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1xaDl3LXI3ZzUtcTkzOc4AA7QZ

Zend Framework SQL injection vulnerability

SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte.

Permalink: https://github.com/advisories/GHSA-qh9w-r7g5-q939
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xaDl3LXI3ZzUtcTkzOc4AA7QZ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: 11 days ago
Updated: 11 days ago


CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Identifiers: GHSA-qh9w-r7g5-q939, CVE-2014-8089
References:
Blast Radius: 38.2

Affected Packages

packagist:zendframework/zendframework
Dependent packages: 953
Dependent repositories: 7,968
Downloads: 7,329,188 total
Affected Version Ranges: >= 2.3.0, < 2.3.3, >= 2.2.0, < 2.2.8, >= 2.1.0, < 2.1.99, >= 2.0.0, < 2.0.99
Fixed in: 2.3.3, 2.2.8, 2.1.99, 2.0.99 (2.1.99 and 2.0.99 appear in neither version list below: no 2.0.x or 2.1.x release is listed as unaffected, so installations on those branches need to move to 2.2.8 or 2.3.3 rather than wait for a branch patch)
All affected versions: 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.7, 2.3.0, 2.3.1, 2.3.2
All unaffected versions: 2.2.8, 2.2.9, 2.2.10, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.3.8, 2.3.9, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.4.5, 2.4.6, 2.4.7, 2.4.8, 2.4.9, 2.4.10, 2.4.11, 2.4.12, 2.4.13, 2.5.0, 2.5.1, 2.5.2, 2.5.3, 3.0.0
packagist:zendframework/zend-db
Dependent packages: 289
Dependent repositories: 4,113
Downloads: 12,014,012 total
Affected Version Ranges: >= 2.3.0, < 2.3.3, >= 2.2.0, < 2.2.8, >= 2.1.0, < 2.1.99, >= 2.0.0, < 2.0.99
Fixed in: 2.3.3, 2.2.8, 2.1.99, 2.0.99 (as for zendframework/zendframework above, 2.1.99 and 2.0.99 appear in neither version list below; no 2.0.x or 2.1.x release of zend-db is listed as unaffected, so upgrade to 2.2.8 or 2.3.3)
All affected versions: 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.7, 2.3.0, 2.3.1, 2.3.2
All unaffected versions: 2.2.8, 2.2.9, 2.2.10, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.3.8, 2.3.9, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.4.5, 2.4.6, 2.4.7, 2.4.8, 2.4.9, 2.4.10, 2.4.11, 2.4.12, 2.4.13, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.7.0, 2.7.1, 2.8.0, 2.8.1, 2.8.2, 2.9.0, 2.9.1, 2.9.2, 2.9.3, 2.10.0, 2.10.1, 2.11.0
packagist:zendframework/zendframework1
Dependent packages: 151
Dependent repositories: 841
Downloads: 6,478,672 total
Affected Version Ranges: >= 1.12.0, < 1.12.9
Fixed in: 1.12.9
All affected versions: 1.12.0, 1.12.1, 1.12.2, 1.12.3, 1.12.4, 1.12.5, 1.12.6, 1.12.7, 1.12.8
All unaffected versions: 1.12.9, 1.12.10, 1.12.11, 1.12.12, 1.12.13, 1.12.14, 1.12.15, 1.12.16, 1.12.17, 1.12.18, 1.12.19, 1.12.20
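A practical use of the ranges listed above is checking a project's composer.lock against them. The following is an added example, not code from ecosyste.ms or from the Zend Framework project: it encodes the three packages' affected ranges exactly as published on this page, parses Composer-style version tags (with or without a leading "v"), and reports locked packages that fall inside an affected range. The composer.lock excerpt embedded at the bottom is constructed for the demonstration. Versions the parser cannot understand (pre-release tags such as "2.3.3RC1") are reported as affected rather than silently skipped, since a tag that precedes the fix release is still vulnerable.

```python
"""Check a composer.lock against the affected ranges of GHSA-qh9w-r7g5-q939 / CVE-2014-8089.

Added example; not part of the ecosyste.ms page or the Zend Framework project.
The ranges are copied from the advisory; the lock-file excerpt is constructed.
"""
import json
import re

# Affected ranges as published: (lower bound inclusive, upper bound exclusive).
# 2.0.99 / 2.1.99 are the advisory's upper bounds for the 2.0.x and 2.1.x
# branches; no release on those branches is listed as unaffected, so every
# 2.0.x / 2.1.x tag matches.
AFFECTED = {
    "zendframework/zendframework": [
        ("2.3.0", "2.3.3"), ("2.2.0", "2.2.8"), ("2.1.0", "2.1.99"), ("2.0.0", "2.0.99"),
    ],
    "zendframework/zend-db": [
        ("2.3.0", "2.3.3"), ("2.2.0", "2.2.8"), ("2.1.0", "2.1.99"), ("2.0.0", "2.0.99"),
    ],
    "zendframework/zendframework1": [("1.12.0", "1.12.9")],
}

# Strict: exactly major.minor.patch, optional leading "v" as Composer tags often carry.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)$")


def parse_version(text):
    """Return (major, minor, patch) for a tag such as 'v2.3.2' or '2.3.2'.

    Anything else (pre-release suffixes, branch aliases like 'dev-master')
    raises ValueError so the caller can decide how to treat it.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError("unsupported version string: %r" % text)
    return tuple(int(x) for x in m.groups())


def is_affected(package, version):
    """True if `version` of `package` lies inside any affected range of this advisory."""
    ranges = AFFECTED.get(package)
    if not ranges:
        return False
    v = parse_version(version)
    return any(parse_version(lo) <= v < parse_version(hi) for lo, hi in ranges)


def scan_composer_lock(lock_json):
    """Return [(package, version)] for locked packages this advisory covers.

    Covered packages whose version cannot be parsed are reported as affected
    (conservative: a pre-release of 2.3.3 still predates the fix).
    """
    data = json.loads(lock_json)
    hits = []
    for section in ("packages", "packages-dev"):
        for pkg in data.get(section, []):
            name = pkg.get("name", "")
            version = pkg.get("version", "")
            if name not in AFFECTED:
                continue
            try:
                affected = is_affected(name, version)
            except ValueError:
                affected = True
            if affected:
                hits.append((name, version))
    return hits


# Constructed composer.lock excerpt (not taken from any real project).
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "zendframework/zendframework", "version": "2.3.2"},
        {"name": "zendframework/zend-db", "version": "v2.1.6"},
        {"name": "monolog/monolog", "version": "1.11.0"},
    ],
    "packages-dev": [
        {"name": "zendframework/zendframework1", "version": "1.12.9"},
    ],
})

if __name__ == "__main__":
    for name, version in scan_composer_lock(SAMPLE_LOCK):
        print("AFFECTED: %s %s" % (name, version))
```

Run against a real lock file with `scan_composer_lock(open("composer.lock").read())`. The check is advisory-specific by design; for fleet-wide use, feed the same range table from the JSON endpoint linked at the top of this page rather than hard-coding it.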