VDB

GCVE-110-MAGEIA-2015-391

GCVE-110-MAGEIA-2015-391
Advisory Published
Vulnetix · Advisory published October 9, 2015
Zend Framework contained several instances where it was using incorrect permissions masks, which could lead to local privilege escalation issues (CVE-2015-5723). The PDO adapters of Zend Framework 1 do not filter null bytes values in SQL statements. A PDO adapter can treat null bytes in a query as a string terminator, allowing an attacker to add arbitrary SQL following a null byte, and thus create a SQL injection (ZF2015-08). Note that the ZF2015-08 issue did not affect Zend Framework 2.

Affected Products

VendorProductVersionsPlatforms
Mageiaphp-ZendFramework22.4.8-1.mga5 (unaffected), 0 (affected)
Mageiaphp-ZendFramework0 (affected), 1.12.16-1.mga5 (unaffected)

Browse GCVE Records

73,866 records in the GCVE database · Updated July 19, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›