PT-2019-6635 · Zend+1 · Zend Framework+2

Anthony Ferrara

·

Publicado

2019-11-26

·

Atualizado

2019-12-10

·

CVE-2011-1939

CVSS v2.0

7.5

Alta

VetorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions Zend Framework versions 1.10.x through 1.10.8 Zend Framework versions 1.11.x through 1.11.5 PHP versions prior to 5.3.6
Description The issue is related to a SQL injection vulnerability when using non-ASCII-compatible encodings in conjunction with PDO MySql. This vulnerability can be exploited when the Zend Framework is used with PHP.
Recommendations For Zend Framework versions 1.10.x through 1.10.8, update to version 1.10.9 or later. For Zend Framework versions 1.11.x through 1.11.5, update to version 1.11.6 or later. For PHP versions prior to 5.3.6, update to version 5.3.6 or later.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2011-1939

Produtos afetados

Pdo Mysql
Php
Zend Framework