Critical severity9.8NVD Advisory· Published Jun 7, 2016· Updated May 6, 2026
CVE-2015-7695
CVE-2015-7695
Description
The PDO adapters in Zend Framework before 1.12.16 do not filer null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands via a crafted query.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
zendframework/zendframework1Packagist | < 1.12.16 | 1.12.16 |
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- framework.zend.com/security/advisory/ZF2015-08nvdVendor AdvisoryWEB
- github.com/advisories/GHSA-2hvh-c5c2-vj85ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2015-7695ghsaADVISORY
- www.debian.org/security/2015/dsa-3369nvdWEB
- www.openwall.com/lists/oss-security/2015/09/30/6nvdWEB
- www.openwall.com/lists/oss-security/2015/09/30/8nvdWEB
- www.openwall.com/lists/oss-security/2015/10/11/3nvdWEB
- www.securityfocus.com/bid/76784nvdWEB
News mentions
0No linked articles in our index yet.