CVE-2014-8089

SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte.
References
Link Resource
http://framework.zend.com/security/advisory/ZF2014-06 Exploit Vendor Advisory
http://seclists.org/oss-sec/2014/q4/276 Mailing List Third Party Advisory
http://www.securityfocus.com/bid/70011 Third Party Advisory VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1151277 Issue Tracking Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*
cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*
cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-02-17 22:15

Updated : 2023-12-10 13:13


NVD link : CVE-2014-8089

Mitre link : CVE-2014-8089

CVE.ORG link : CVE-2014-8089


JSON object : View

Products Affected

redhat

  • enterprise_linux

zend

  • zend_framework

fedoraproject

  • fedora
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')