CVE-2014-8089
published 2020-02-17

Priority: P358, critical
CVSS 3.1: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS: 2.55% (83.1th percentile)

SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte.

Affected

17 ranges
Vendor | Product | Version range | Fixed in
fedoraproject | fedora | |
fedoraproject | fedora | |
fedoraproject | fedora | |
redhat | enterprise_linux | |
redhat | enterprise_linux | |
zend | zend_framework | < 1.12.9 | 1.12.9
zend | zend_framework | >= 2.2.0 < 2.2.8 | 2.2.8
zend | zend_framework | >= 2.3.0 < 2.3.3 | 2.3.3
zendframework | zend-db | >= 2.0.0 < 2.0.99 | 2.0.99
zendframework | zend-db | >= 2.1.0 < 2.1.99 | 2.1.99
zendframework | zend-db | >= 2.2.0 < 2.2.8 | 2.2.8
zendframework | zend-db | >= 2.3.0 < 2.3.3 | 2.3.3
zendframework | zendframework | >= 2.0.0 < 2.0.99 | 2.0.99
zendframework | zendframework | >= 2.1.0 < 2.1.99 | 2.1.99
zendframework | zendframework | >= 2.2.0 < 2.2.8 | 2.2.8
zendframework | zendframework | >= 2.3.0 < 2.3.3 | 2.3.3
zendframework | zendframework1 | >= 1.12.0 < 1.12.9 | 1.12.9

CVSS provenance

nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P
osv | 9.8 | CRITICAL