3 matches found
SQL Injection
zendframework/zendframework is vulnerable to SQL injection. The vulnerability is due to a flaw in the quoteValue and quoteValueList methods of the Zend\Db component, which did not account for all possible escapable characters, leading to improper quoting of values for SQL strings...
GHSA-X2F4-8WXF-W3VF: ZendFramework SQL injection due to execution of platform-specific SQL containing interpolations
The Zend\Db component in Zend Framework 2 provides platform abstraction, which is used in particular for SQL abstraction. Two methods defined in the platform interface, quoteValue and quoteValueList, allow users to manually quote values for creating SQL statements; these are in turn consumed by...
ZendFramework SQL injection due to execution of platform-specific SQL containing interpolations
The Zend\Db component in Zend Framework 2 provides platform abstraction, which is used in particular for SQL abstraction. Two methods defined in the platform interface, quoteValue and quoteValueList, allow users to manually quote values for creating SQL statements; these are in turn consumed by...