Zend Framework < 2.2.10 / 2.3.x < 2.3.5 SQL Injection

2016-03-15T00:00:00
ID 9140.PRM
Type nessus
Reporter Tenable
Modified 2019-03-06T00:00:00

Description

Versions of Zend Framework earlier than 2.2.1, or 2.3.x earlier than 2.3.5, are affected by a flaw that may allow an SQL injection attack. The issue is due to the program not properly sanitizing user-supplied input when handling identifiers or values. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database, resulting in the manipulation or disclosure of arbitrary data.

                                        