CVE-2015-7695
Published 2016-06-07
CVE-2015-7695: The PDO adapters in Zend Framework before 1.12.16 do not filter null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands…
Priority P357 · critical · 9.8 (CVSS 3.0)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 2.97% (85.5th percentile)
The PDO adapters in Zend Framework before 1.12.16 do not filter null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands via a crafted query.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| zend | zend_framework | <= 1.12.15 | — |
| zendframework | zendframework1 | >= 0 < 1.12.16 | 1.12.16 |
CVSS provenance
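| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 9.8 | CRITICAL | — |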
GHSA
Zend Framework SQL injection vector using null byte for PDO
ghsa·2022-05-17
CVE-2015-7695 [CRITICAL] CWE-89 Zend Framework SQL injection vector using null byte for PDO
OSV
Zend Framework SQL injection vector using null byte for PDO
osv·2022-05-17
CVE-2015-7695 [CRITICAL] Zend Framework SQL injection vector using null byte for PDO
OSV
CVE-2015-7695: The PDO adapters in Zend Framework before 1
osv·2016-06-07·CVSS 9.8
CVE-2015-7695 [CRITICAL] CVE-2015-7695: The PDO adapters in Zend Framework before 1
No detection rules found.
No public exploits indexed.
http://framework.zend.com/security/advisory/ZF2015-08
http://www.debian.org/security/2015/dsa-3369
http://www.openwall.com/lists/oss-security/2015/09/30/6
http://www.openwall.com/lists/oss-security/2015/09/30/8
http://www.openwall.com/lists/oss-security/2015/10/11/3
http://www.securityfocus.com/bid/76784
Published 2016-06-07