DSA-3369-1 zendframework -- zendframeworkID: oval:org.secpod.oval:def:602243 | Date: (C)2015-10-16 (M)2023-11-13 |
Class: PATCH | Family: unix |
Multiple vulnerabilities were discovered in Zend Framework, a PHP framework: CVE-2015-5723 It was discovered that due to incorrect permissions masks when creating directories, local attackers could potentially execute arbitrary code or escalate privileges. ZF2015-08 Chris Kings-Lynne discovered an SQL injection vector caused by missing null byte filtering in the MS SQL PDO backend, and a similar issue was also found in the SQLite backend.
Platform: |
Debian 8.x |
Debian 7.x |