FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Zend Framework -- potential SQL injection when using PDO_MySql

Affected packages
ZendFramework < 1.11.6

Details

VuXML ID 34e8ccf5-7d71-11e0-9d83-000c29cc39d3
Discovery 2011-05-06
Entry 2011-05-13

The Zend Framework team reports:

Developers using non-ASCII-compatible encodings in conjunction with the MySQL PDO driver of PHP may be vulnerable to SQL injection attacks. Developers using ASCII-compatible encodings like UTF8 or latin1 are not affected by this PHP issue.

References

URL http://framework.zend.com/security/advisory/ZF2011-02
URL http://zend-framework-community.634137.n4.nabble.com/Zend-Framework-1-11-6-and-1-10-9-released-td3503741.html
