SQL Injection Vulnerability in Zend Framework by Zend Technologies
CVE-2014-8089

9.8CRITICAL

Key Information:

Vendor

Zend

Status
Zend Framework
Vendor
CVE Published:
17 February 2020
đź”” Create Zend Vulnerability Alert

What is CVE-2014-8089?

This vulnerability allows remote attackers to exploit SQL injection within the Zend Framework when using the sqlsrv PHP extension. By sending specially crafted SQL commands via a null byte, attackers can manipulate database queries, leading to unauthorized access and potential data breaches. This issue affects multiple versions of Zend Framework, making it crucial for users to update to the latest secure versions to mitigate potential risks.

References

http://www.securityfocus.com/bid/70011
vdb-entryx_refsource_BID
http://seclists.org/oss-sec/2014/q4/276
x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=1151277
x_refsource_MISC

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.