CVE-2014-8089

NameCVE-2014-8089
DescriptionSQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-251-1, DSA-3265-1
NVD severityhigh

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
zendframeworksourcesqueeze1.10.6-1squeeze3DLA-251-1
zendframeworksourcewheezy1.11.13-1.1+deb7u1DSA-3265-1
zendframeworksource(unstable)1.12.9+dfsg-1

Notes

http://framework.zend.com/security/advisory/ZF2014-06

Search for package or bug name: Reporting problems