VDB

GCVE-110-MAGEIA-2014-434

GCVE-110-MAGEIA-2014-434
Advisory Published
Vulnetix · Advisory published October 29, 2014
Due to a bug in PHP's LDAP extension, when ZendFramework's Zend_ldap class is used for logins, an attacker can login as any user by using a null byte to bypass the empty password check and perform an unauthenticated LDAP bind (CVE-2014-8088). The sqlsrv PHP extension, which provides the ability to connect to Microsoft SQL Server from PHP, does not provide a built-in quoting mechanism for manually quoting values to pass via SQL queries; developers are encouraged to use prepared statements. Zend Framework provides quoting mechanisms via Zend_Db_Adapter_Sqlsrv which uses the recommended "double single quote" ('') as quoting delimiters. SQL Server treats null bytes in a query as a string terminator, allowing an attacker to add arbitrary SQL following a null byte, and thus create a SQL injection (CVE-2014-8089).

Affected Products

VendorProductVersionsPlatforms
Mageiaphp-ZendFramework0 (affected), 1.12.9-1.mga3 (unaffected)
Mageiaphp-ZendFramework0 (affected), 1.12.9-1.mga4 (unaffected)

Browse GCVE Records

72,664 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›