Anthony Ferrara

**Name of the Vulnerable Software and Affected Versions** Zend Framework versions 1.10.x through 1.10.8 Zend Framework versions 1.11.x through 1.11.5 PHP versions prior to 5.3.6 **Description** The issue is related to a SQL injection vulnerability when using non-ASCII-compatible encodings in conjunction with PDO MySql. This vulnerability can be exploited when the Zend Framework is used with PHP. **Recommendations** For Zend Framework versions 1.10.x through 1.10.8, update to version 1.10.9 or later. For Zend Framework versions 1.11.x through 1.11.5, update to version 1.11.6 or later. For PHP versions prior to 5.3.6, update to version 5.3.6 or later.

**Name of the Vulnerable Software and Affected Versions** Drupal versions 5.x prior to 5.12 Drupal versions 6.x prior to 6.6 **Description** A cross-site scripting issue allows remote authenticated users with specific permissions to inject arbitrary web script or HTML. This is achieved by exploiting the book page title. **Recommendations** For versions 5.x prior to 5.12, update to version 5.12 or later. For versions 6.x prior to 6.6, update to version 6.6 or later.