FreeBSD : Zend Framework -- potential SQL injection when using PDO_MySql (34e8ccf5-7d71-11e0-9d83-000c29cc39d3)

High Nessus Plugin ID 53906


The remote FreeBSD host is missing a security-related update.


The Zend Framework team reports :

Developers using non-ASCII-compatible encodings in conjunction with the MySQL PDO driver of PHP may be vulnerable to SQL injection attacks. Developers using ASCII-compatible encodings like UTF8 or latin1 are not affected by this PHP issue.


Update the affected package.

See Also

Plugin Details

Severity: High

ID: 53906

File Name: freebsd_pkg_34e8ccf57d7111e09d83000c29cc39d3.nasl

Version: $Revision: 1.4 $

Type: local

Published: 2011/05/16

Modified: 2013/06/21

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:ZendFramework, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2011/05/13

Vulnerability Publication Date: 2011/05/06