
CVE-2011-1939

Published: 26 November 2019

SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction with PDO_MySql in PHP before 5.3.6.

Priority

Low

CVSS 3 base score: 9.8

Status

Package: zendframework (Launchpad, Ubuntu, Debian)

Release: Upstream
Status: Released (1.11.6, 1.10.9)

Release: Ubuntu 14.04 ESM (Trusty Tahr)
Status: Does not exist

Notes

Author: jdstrand
Note: per upstream, only one who can exploit this is the author of the code

upstream won't backport. Workaround is to use a supported encoding (iso-8859-1/latin1, utf-8 and other encodings using lower 7 bits in an ASCII compatible manner)

Author: mdeslaur
Note: actually an issue in zendframework
