FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Zend Framework -- potential SQL injection when using PDO_MySql

Affected packages
ZendFramework < 1.11.6

Details

VuXML ID: 34e8ccf5-7d71-11e0-9d83-000c29cc39d3
Discovery: 2011-05-06
Entry: 2011-05-13

The Zend Framework team reports:

Developers using non-ASCII-compatible encodings in conjunction with the MySQL PDO driver of PHP may be vulnerable to SQL injection attacks. Developers using ASCII-compatible encodings like UTF8 or latin1 are not affected by this PHP issue.

References

URL: http://framework.zend.com/security/advisory/ZF2011-02
URL: http://zend-framework-community.634137.n4.nabble.com/Zend-Framework-1-11-6-and-1-10-9-released-td3503741.html