CVE-2015-0270 — SQL Injection in Framework

Severity

9.8CRITICALNVD

EPSS

0.3%

top 43.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedOct 25

Latest updateMay 24

Description

Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has Potential SQL injection in PostgreSQL Zend\Db adapter.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

▶NVDzend/framework2.3.0 — 2.3.5+1

▶Packagistzendframework/zend-db2.3.0 — 2.3.5+1

▶Packagistzendframework/zendframework2.3.0 — 2.3.5+1

▶CVEListV5zend/zend_frameworkbefore 2.2.10 and 2.3.x before 2.3.5

GHSA

Zend Framework Allows SQL Injection↗2022-05-24

▶

OSV

Zend Framework Allows SQL Injection↗2022-05-24

▶

CVEList

CVE-2015-0270: Zend Framework before 2↗2019-10-25

▶