Vulnerability Database
289,784
Total vulnerabilities in the database
CVE-2014-8089
SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte.
| Software | From | Fixed in |
|---|---|---|
| zend / zend_framework | - | 1.12.9 |
| zend / zend_framework | 2.3.0 | 2.3.3 |
| zend / zend_framework | 2.2.0 | 2.2.8 |
| redhat / enterprise_linux | 7.0 | 7.0.x |
| redhat / enterprise_linux | 6.0 | 6.0.x |
| fedoraproject / fedora | 20 | 20.x |
| fedoraproject / fedora | 21 | 21.x |
| fedoraproject / fedora | 19 | 19.x |
zendframework / zendframework1
|
1.12.0 | 1.12.9 |
|
zendframework / zend-db
|
2.0.0 | 2.0.99 |
|
zendframework / zend-db
|
2.1.0 | 2.1.99 |
|
zendframework / zend-db
|
2.2.0 | 2.2.8 |
|
zendframework / zend-db
|
2.3.0 | 2.3.3 |
|
zendframework / zendframework
|
2.0.0 | 2.0.99 |
|
zendframework / zendframework
|
2.1.0 | 2.1.99 |
|
zendframework / zendframework
|
2.2.0 | 2.2.8 |
|
zendframework / zendframework
|
2.3.0 | 2.3.3 |
- http://framework.zend.com/security/advisory/ZF2014-06
- http://seclists.org/oss-sec/2014/q4/276
- http://www.securityfocus.com/bid/70011
- https://bugzilla.redhat.com/show_bug.cgi?id=1151277
- https://framework.zend.com/security/advisory/ZF2014-06
- https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-db/CVE-2014-8089.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2014-8089.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2014-8089.yaml