FLAT-J37B0 – Vulnerability | Fluid Attacks Database

Database

Description

Zend Framework Allows SQL Injection Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has Potential SQL injection in PostgreSQL Zend\Db adapter.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
packagist	zendframework/zendframework	>=0 <2.2.10 \|\| >=2.3.0 <2.3.5	2.2.10, 2.3.5
packagist	zendframework/zend-db	>=0 <2.2.10 \|\| >=2.3.0 <2.3.5	2.2.10, 2.3.5

Aliases

1. CVE-2015-02702. NVD-2015-02703. OSV-2015-02704. GCVE-2015-0270

References

1. https://github.com/zendframework/zendframework/commit/569f18228f5fc84534af6ff2f367ca1a7143ec652. https://framework.zend.com/security/advisory/ZF2015-023. https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-db/CVE-2015-0270.yaml4. https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-0270.yaml

FLAT-J37B0 – Vulnerability | Fluid Attacks Database