zendframework/zend-db

Packagist2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting zendframework/zend-dbpage 1 of 1

CVE-2014-8089CRITICALCVSS 9.8EG 9.8✓ Fixed in 2.3.3
2020-02-17
vulnerable: 2.3.0, 2.3.1, 2.3.2
SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte.
CVE-2015-0270CRITICALCVSS 9.8EG 9.8✓ Fixed in 2.3.5
2019-10-25
vulnerable: 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4
Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has Potential SQL injection in PostgreSQL Zend\Db adapter.

Check whether zendframework/zend-db is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for zendframework/zend-db CVEs against the assets you own.

Start Free Scan →