CVE-2014-8089
Published: 17 February 2020
SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte.
Priority
CVSS 3 base score: 9.8
Status
Package | Release | Status |
---|---|---|
zend-framework Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
bionic |
Does not exist
|
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
lucid |
Ignored
(reached end-of-life)
|
|
precise |
Does not exist
(precise was needed)
|
|
trusty |
Does not exist
(trusty was needed)
|
|
upstream |
Needs triage
|
|
utopic |
Ignored
(reached end-of-life)
|
|
vivid |
Ignored
(reached end-of-life)
|
|
wily |
Ignored
(reached end-of-life)
|
|
xenial |
Ignored
(end of standard support, was needed)
|
|
yakkety |
Ignored
(reached end-of-life)
|
|
zesty |
Does not exist
|
|
zendframework Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
|
bionic |
Not vulnerable
|
|
cosmic |
Not vulnerable
|
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
lucid |
Ignored
(reached end-of-life)
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(1.12.9+dfsg-1)
|
|
utopic |
Does not exist
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Not vulnerable
|