CVE-2014-8089
unknown
CVSS v3
—
CVSS v2
—
VIR risk
—
Description
Zend Framework SQL injection vulnerability
Predictions
Exploit likelihood
30%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Packagist | zendframework/zendframework1 | >=1.12.0,<1.12.9 | 1.12.9 |
| Packagist | zendframework/zend-db | >=2.0.0,<2.0.99 | 2.0.99 |
| Packagist | zendframework/zend-db | >=2.1.0,<2.1.99 | 2.1.99 |
| Packagist | zendframework/zend-db | >=2.2.0,<2.2.8 | 2.2.8 |
| Packagist | zendframework/zend-db | >=2.3.0,<2.3.3 | 2.3.3 |
| Packagist | zendframework/zendframework | >=2.0.0,<2.0.99 | 2.0.99 |
| Packagist | zendframework/zendframework | >=2.1.0,<2.1.99 | 2.1.99 |
| Packagist | zendframework/zendframework | >=2.2.0,<2.2.8 | 2.2.8 |
| Packagist | zendframework/zendframework | >=2.3.0,<2.3.3 | 2.3.3 |
References
- https://nvd.nist.gov/vuln/detail/CVE-2014-8089
- https://bugzilla.redhat.com/show_bug.cgi?id=1151277
- https://framework.zend.com/security/advisory/ZF2014-06
- https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-db/CVE-2014-8089.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2014-8089.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2014-8089.yaml
- http://framework.zend.com/security/advisory/ZF2014-06
- http://seclists.org/oss-sec/2014/q4/276
- http://www.securityfocus.com/bid/70011
Verify integrity in audit chain (admin only). AS-IS.