logo

Database

SQL injection - Code In zendframework/zendframework1

Description

Zendframework1 potential SQL injection vector using null byte for PDO (MsSql, SQLite) The PDO adapters of Zend Framework 1 do not filter null bytes values in SQL statements. A PDO adapter can treat null bytes in a query as a string terminator, allowing an attacker to add arbitrary SQL following a null byte, and thus create a SQL injection.

We tested and verified the null byte injection using pdo_dblib (FreeTDS) on a Linux environment to access a remote Microsoft SQL Server, and also tested against and noted the vector against pdo_sqlite.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. GCVE-GHSA-v42g-7q2x-cw32

References

1. https://framework.zend.com/security/advisory/ZF2015-082. https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/ZF2015-08.yaml

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.