FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ZendFramework1 -- SQL injection vulnerability

Affected packages
ZendFramework1 < 1.12.16


VuXML ID d3324fdb-6bf0-11e5-bc5e-00505699053e
Discovery 2015-09-15
Entry 2015-10-06
Modified 2015-10-12

Zend Framework developers report:

The PDO adapters of Zend Framework 1 do not filter null bytes values in SQL statements. A PDO adapter can treat null bytes in a query as a string terminator, allowing an attacker to add arbitrary SQL following a null byte, and thus create a SQL injection.


CVE Name CVE-2015-7695