CVE-2014-8089: SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x bef ...

Severity: Critical

CVSS Score: 9.8

SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte.