CVE-2015-7695: Zend Framework SQL injection vector using null byte for PDO
CVSS Score: 9.8 (CVSS 3.0)
Basic Information
CVE ID
GHSA ID
EPSS Score: 0.78277%
CWE
Published: 5/17/2022
Updated: 4/23/2024
KEV Status: No
Technology: PHP
Technical Details
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
zendframework/zendframework1 | composer | < 1.12.16 | 1.12.16 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from missing null byte filtering in SQL query parameter handling. The Zend security advisory explicitly mentions the fix was applied to Zend_Db_Adapter_Pdo_Abstract using addcslashes to escape null bytes (\000). The commit 2ac9c30f73ec2e6235c602bed745749a551b4fe2 shows the vulnerable quote() method was modified in Abstract.php to add this filtering. Since all PDO adapters inherit from this abstract class, the quote() method was the common vulnerable entry point.
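
The filtering step described above, as an added PHP illustration (not the code from the Zend commit): NUL bytes are escaped with addcslashes before the value reaches PDO::quote(). The function names escape_nul_bytes and quote_filtered are hypothetical, the sample values are constructed, and an in-memory SQLite handle is assumed to be available through pdo_sqlite.

```php
<?php
// Added illustration; not Zend Framework code. Function names are hypothetical.

/** Rewrite each NUL byte as the printable sequence \000 using addcslashes(). */
function escape_nul_bytes(string $value): string
{
    return addcslashes($value, "\000");
}

/** Quote a string through PDO only after NUL bytes have been escaped. */
function quote_filtered(PDO $pdo, string $value): string
{
    $quoted = $pdo->quote(escape_nul_bytes($value));
    if ($quoted === false) {
        throw new RuntimeException('driver does not support quoting');
    }
    // Post-condition: no raw NUL byte may reach the SQL text.
    if (strpos($quoted, "\0") !== false) {
        throw new LogicException('NUL byte survived filtering');
    }
    return $quoted;
}

// Constructed sample values; the second carries an embedded NUL byte.
$samples = ['plain value', "before\0after"];

// Assumption: the pdo_sqlite extension is available for a throwaway handle.
$pdo = new PDO('sqlite::memory:');

foreach ($samples as $raw) {
    printf(
        "input=%s raw_nul=%s quoted=%s\n",
        json_encode($raw),
        strpos($raw, "\0") !== false ? 'yes' : 'no',
        quote_filtered($pdo, $raw)
    );
}
```

Applications on zendframework/zendframework1 below 1.12.16 should upgrade rather than wrap quote() themselves; the block only shows what the filter does to the value.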