Zendframework Zend-Db vulnerabilities

2 known vulnerabilities affecting zendframework/zend-db.

Total CVEs

2

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

CRITICAL2

Vulnerabilities

Page 1 of 1

CVE-2014-8089CRITICAL≥ 2.0.0, < 2.0.99≥ 2.1.0, < 2.1.99+2 more2024-04-23

CVE-2014-8089 [CRITICAL] CWE-89 Zend Framework SQL injection vulnerability Zend Framework SQL injection vulnerability SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte.

CVE-2015-0270CRITICAL≥ 0, < 2.2.10≥ 2.3.0, < 2.3.52022-05-24

CVE-2015-0270 [CRITICAL] CWE-89 Zend Framework Allows SQL Injection Zend Framework Allows SQL Injection Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has Potential SQL injection in PostgreSQL Zend\Db adapter.