Name of the Vulnerable Software and Affected Versions Zend Framework 1 (affected versions not specified)

Description The issue concerns the PDO adapters in Zend Framework 1, which fail to filter null byte values in SQL statements. This oversight allows an attacker to inject arbitrary SQL code by appending it after a null byte in a query, thus facilitating a SQL injection attack. Testing has confirmed the vulnerability using pdo dblib (FreeTDS) on a Linux system to access a remote Microsoft SQL Server, as well as against pdo sqlite.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.