VDB
GCVE-110-MAGEIA-2015-391
GCVE-110-MAGEIA-2015-391
Advisory Published
Zend Framework contained several instances where it was using incorrect
permissions masks, which could lead to local privilege escalation issues
(CVE-2015-5723).
The PDO adapters of Zend Framework 1 do not filter null bytes values in
SQL statements. A PDO adapter can treat null bytes in a query as a string
terminator, allowing an attacker to add arbitrary SQL following a null
byte, and thus create a SQL injection (ZF2015-08).
Note that the ZF2015-08 issue did not affect Zend Framework 2.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | php-ZendFramework2 | 2.4.8-1.mga5 (unaffected), 0 (affected) | — |
| Mageia | php-ZendFramework | 0 (affected), 1.12.16-1.mga5 (unaffected) | — |
Aliases
References
Browse GCVE Records
73,866 records in the GCVE database · Updated July 19, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.