Packagist (Composer) package
zendframework/zend-db
pkg:composer/zendframework/zend-db
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2014-8089 | — | >= 2.0.0, < 2.0.99 | 2.0.99 | Feb 17, 2020 | SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte. | ||
| CVE-2015-0270 | — | < 2.2.10 | 2.2.10 | Oct 25, 2019 | Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has Potential SQL injection in PostgreSQL Zend\Db adapter. |
- CVE-2014-8089Feb 17, 2020affected >= 2.0.0, < 2.0.99fixed 2.0.99
SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte.
- CVE-2015-0270Oct 25, 2019affected < 2.2.10fixed 2.2.10
Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has Potential SQL injection in PostgreSQL Zend\Db adapter.