CVE-2014-8089
published 2020-02-17
Priority: P358 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.55% (83.1th percentile)
SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| zend | zend_framework | < 1.12.9 | 1.12.9 |
| zend | zend_framework | >= 2.2.0 < 2.2.8 | 2.2.8 |
| zend | zend_framework | >= 2.3.0 < 2.3.3 | 2.3.3 |
| zendframework | zend-db | >= 2.0.0 < 2.0.99 | 2.0.99 |
| zendframework | zend-db | >= 2.1.0 < 2.1.99 | 2.1.99 |
| zendframework | zend-db | >= 2.2.0 < 2.2.8 | 2.2.8 |
| zendframework | zend-db | >= 2.3.0 < 2.3.3 | 2.3.3 |
| zendframework | zendframework | >= 2.0.0 < 2.0.99 | 2.0.99 |
| zendframework | zendframework | >= 2.1.0 < 2.1.99 | 2.1.99 |
| zendframework | zendframework | >= 2.2.0 < 2.2.8 | 2.2.8 |
| zendframework | zendframework | >= 2.3.0 < 2.3.3 | 2.3.3 |
| zendframework | zendframework1 | >= 1.12.0 < 1.12.9 | 1.12.9 |
CVSS provenance
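| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 9.8 | CRITICAL | — |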
GHSA
Zend Framework SQL injection vulnerability
ghsa·2024-04-23
CVE-2014-8089 [CRITICAL] CWE-89 Zend Framework SQL injection vulnerability
OSV
Zend Framework SQL injection vulnerability
osv·2024-04-23
CVE-2014-8089 [CRITICAL] Zend Framework SQL injection vulnerability
OSV
CVE-2014-8089: SQL injection vulnerability in Zend Framework before 1
osv·2020-02-17·CVSS 9.8
CVE-2014-8089 [CRITICAL] CVE-2014-8089: SQL injection vulnerability in Zend Framework before 1
No detection rules found.
No public exploits indexed.
http://framework.zend.com/security/advisory/ZF2014-06
http://seclists.org/oss-sec/2014/q4/276
http://www.securityfocus.com/bid/70011
https://bugzilla.redhat.com/show_bug.cgi?id=1151277