PT-2019-6635 · Zend+1 · Zend Framework+2

Anthony Ferrara

Published

2019-11-26

Updated

2019-12-10

CVE-2011-1939

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Zend Framework versions 1.10.x through 1.10.8 Zend Framework versions 1.11.x through 1.11.5 PHP versions prior to 5.3.6

Description The issue is related to a SQL injection vulnerability when using non-ASCII-compatible encodings in conjunction with PDO MySql. This vulnerability can be exploited when the Zend Framework is used with PHP.

Recommendations For Zend Framework versions 1.10.x through 1.10.8, update to version 1.10.9 or later. For Zend Framework versions 1.11.x through 1.11.5, update to version 1.11.6 or later. For PHP versions prior to 5.3.6, update to version 5.3.6 or later.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2011-1939

Affected Products

Pdo Mysql

Php

Zend Framework

PT-2019-6635 · Zend+1 · Zend Framework+2

CVE-2011-1939

Weakness Enumeration

Related Identifiers

Affected Products

References · 11