
CVE-2015-7695: Zend Framework SQL injection vector using null byte for PDO

CVSS Score (v3.0): 9.8

Basic Information

EPSS Score: 0.78277%
Published: 5/17/2022
Updated: 4/23/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name                  Ecosystem  Vulnerable Versions  First Patched Version
zendframework/zendframework1  composer   < 1.12.16            1.12.16

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability stems from missing null byte filtering in SQL query parameter handling. The Zend security advisory explicitly mentions the fix was applied to Zend_Db_Adapter_Pdo_Abstract using addcslashes to escape null bytes (\000). The commit 2ac9c30f73ec2e6235c602bed745749a551b4fe2 shows the vulnerable quote() method was modified in Abstract.php to add this filtering. Since all PDO adapters inherit from this abstract class, the quote() method was the common vulnerable entry point.
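As an added illustration (not Zend Framework's own code; the exact escape list is an assumption modelled on the advisory's description), a minimal quote() in the style of the PDO abstract adapter before and after \000 is added to the addcslashes() character list, plus a check that the quoted literal no longer carries a raw null byte:

```php
<?php
// Added illustration, not Zend Framework's own code. The escape list is an
// assumption modelled on the advisory: the fix adds \000 to the addcslashes()
// character list used by the PDO abstract adapter's quote() method.

/** quote() as it behaved before the fix: a null byte passes through untouched. */
function quoteBeforeFix(string $value): string
{
    return "'" . addcslashes($value, "\n\r\\'\"\032") . "'";
}

/** quote() after the fix: \000 is in the list, so a null byte becomes the text "\000". */
function quoteAfterFix(string $value): string
{
    return "'" . addcslashes($value, "\000\n\r\\'\"\032") . "'";
}

/** Defensive check: a quoted literal must never hand a raw null byte to the driver. */
function containsRawNullByte(string $quoted): bool
{
    return strpos($quoted, "\0") !== false;
}

// Constructed sample value with an embedded null byte (not a real payload).
$sample = "abc\0def";

$before = quoteBeforeFix($sample);
$after  = quoteAfterFix($sample);

// Render control bytes visibly so the raw null in the pre-fix output can be seen.
printf("before fix: %s (raw null byte: %s)\n",
    addcslashes($before, "\0..\37"),
    containsRawNullByte($before) ? 'yes' : 'no');
printf("after fix:  %s (raw null byte: %s)\n",
    $after,
    containsRawNullByte($after) ? 'yes' : 'no');
```

The same containsRawNullByte() check can be run over any quoted SQL fragment produced by a patched adapter to confirm the \000 escaping is in effect.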


WAF Protection Rules

WAF Rule

The PDO adapters in Zend Framework before 1.12.16 do not filter null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands via a crafted query.
