oss-sec mailing list archives
Re: CVE Request: zendframework SQL injections
From: Alessandro Ghedini <alessandro () ghedini me>
Date: Wed, 30 Sep 2015 16:23:31 +0200
On Wed, Sep 30, 2015 at 12:55:45PM +0200, Alessandro Ghedini wrote:
> Hello,
>
> the Zendframework project released the following advisory:
>
> ZF2015-08: Potential SQL injection vector using null byte for PDO (MsSql, SQLite)
> http://framework.zend.com/security/advisory/ZF2015-08
>
> The patch for the MS SQL backend seems to be:
> https://github.com/zendframework/zf1/commit/2ac9c30f73ec2e6235c602bed745749a551b4fe2
>
> but I couldn't find the fix for the mentioned SQLite backend.

It was pointed out to me that that patch also includes changes for the file
library/Zend/Db/Adapter/Pdo/Abstract.php, which is used by the SQLite backend.
So it should cover both MS SQL *and* SQLite.

Cheers