CVE-2011-1939

Summary

SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction PDO_MySql in PHP before 5.3.6.

Affected Software

VendorProductVersion RangeStatus
zendframework;PHPzendframework1.10.x before 1.10.9affected
zendframework;PHPzendframework1.11.x before 1.11.6affected
zendframework;PHPPHPbefore 5.3.6affected

Weaknesses

  • potential SQL injection vector when using PDO_MySql (ZF2011-02)

ADP Enrichment

CVE Program Container

Additional References

References