Developers using non-ASCII-compatible encodings in conjunction with the MySQL PDO driver of PHP may be vulnerable to SQL injection attacks. Developers using ASCII-compatible encodings like UTF8 or latin1 are not affected by this PHP issue, which is described in more detail here:
http://bugs.php.net/bug.php?id=47802
The PHP Group included a feature in PHP 5.3.6+ that allows any character set information to be passed as part of the DSN in PDO to allow both the database as well as the C-level driver to be aware of which charset is in use which is of special importance when PDO’s quoting mechanisms are utilized, which Zend Framework also relies on.
Vendor | Product | Version | CPE |
---|---|---|---|
zendframework | zendframework1 | * | cpe:2.3:a:zendframework:zendframework1:*:*:*:*:*:*:*:* |