ubuntu · CVE-2014-8089

Quick triage

Priority: medium Published: 2020-02-17 22:15:00 UTC Updated: 2025-08-26 11:52:24 UTC

View at Official ubuntu advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2014-8089 medium priority: Ubuntu including 2 source packages (zend-framework, zendframework), 50 status rows across 25 suites (artful, bionic, cosmic, disco, eoan, focal, groovy, hirsute, impish, jammy, lucid, mantic, noble, oracular, plucky, precise, questing, trusty, upstream, utopic, vivid, wily, xenial, yakkety, zesty): DNE 36, ignored 7, not-affected 4, needed 1, needs-triage 1, released 1.

Description:

SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte.

cvelogic Threat Intelligence