Name of the Vulnerable Software and Affected Versions Zend Framework 2 (affected versions not specified)

Description The issue concerns the ZendDb component in Zend Framework 2, which provides platform abstraction for SQL. Specifically, the quoteValue() and quoteValueList() methods in the platform interface are flawed, potentially leading to SQL injection. These methods are used for debugging and logging purposes but can also be used to produce SQL statements that are executed by the driver. The flaw arises from the methods not properly escaping characters when creating quoted values for SQL strings, and not considering character-sets when quoting values.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.