3 matches found
SOL06430416 - Zend Framework vulnerability CVE-2015-7695
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
CVE-2015-7695
CVE-2015-7695 affects Zend Framework’s PDO adapters in versions before 1.12.16. The issue is that null bytes are not filtered in SQL statements, allowing remote attackers to execute arbitrary SQL via a crafted query. Impact is remote, with network access and high severity in typical assessments. ...
[SECURITY] [DLA 326-1] zendframework security update
Package : zendframework Version : 1.10.6-1squeeze6 CVE ID : CVE-2015-7695 The PDO adapters of Zend Framework 1 did not filter null bytes values in SQL statements. A PDO adapter can treat null bytes in a query as a string terminator, allowing an attacker to add arbitrary SQL following a null byte,...