CVE-2014-8089

Sažetak

SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte.

Reference

http://framework.zend.com/security/advisory/ZF2014-06
http://seclists.org/oss-sec/2014/q4/276
http://www.securityfocus.com/bid/70011
https://bugzilla.redhat.com/show_bug.cgi?id=1151277

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

20-02-2020 - 15:04

Objavljeno

17-02-2020 - 22:15