2 matches found
ZendFramework potential SQL Injection Vector When Using PDO_MySql
Developers using non-ASCII-compatible encodings in conjunction with the MySQL PDO driver of PHP may be vulnerable to SQL injection attacks. Developers using ASCII-compatible encodings like UTF8 or latin1 are not affected by this PHP issue, which is described in more detail here:...
Updated php-ZendFramework packages fix security vulnerabilities
Due to a bug in PHP's LDAP extension, when ZendFramework's Zendldap class is used for logins, an attacker can login as any user by using a null byte to bypass the empty password check and perform an unauthenticated LDAP bind CVE-2014-8088. The sqlsrv PHP extension, which provides the ability to...