Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-4ktw-ht2w-tuhg
Vulnerability ID VCID-4ktw-ht2w-tuhg
Aliases GHSA-x2f4-8wxf-w3vf
Summary ZendFramework SQL injection due to execution of platform-specific SQL containing interpolations
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3.1 8.8 https://framework.zend.com/security/advisory/ZF2013-03
generic_textual HIGH https://framework.zend.com/security/advisory/ZF2013-03
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-x2f4-8wxf-w3vf
cvssv3.1 8.8 https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/ZF2013-03.yaml
generic_textual HIGH https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/ZF2013-03.yaml
cvssv3.1 8.8 https://github.com/zendframework/zendframework
generic_textual HIGH https://github.com/zendframework/zendframework
cvssv3.1 8.8 https://github.com/zendframework/zendframework/commit/0ef63e7db5fa30a79a58eb7c6466c6ab5c0618c5
generic_textual HIGH https://github.com/zendframework/zendframework/commit/0ef63e7db5fa30a79a58eb7c6466c6ab5c0618c5
cvssv3.1 8.8 https://github.com/zendframework/zendframework/commit/546074660e6e10b9191bf0dc62b524d99f71a5cd
generic_textual HIGH https://github.com/zendframework/zendframework/commit/546074660e6e10b9191bf0dc62b524d99f71a5cd
cvssv3.1 8.8 https://github.com/zendframework/zendframework/commit/6d83777786b8e6171d82191ef917afd09fcb6601
generic_textual HIGH https://github.com/zendframework/zendframework/commit/6d83777786b8e6171d82191ef917afd09fcb6601
cvssv3.1 8.8 https://github.com/zendframework/zendframework/commit/870741d0c01a24ff23f9e209c8d393bd3a4115e3
generic_textual HIGH https://github.com/zendframework/zendframework/commit/870741d0c01a24ff23f9e209c8d393bd3a4115e3
cvssv3.1 8.8 https://github.com/zendframework/zendframework/commit/95c88c236e80b475141d227bdf7866ca40287dd1
generic_textual HIGH https://github.com/zendframework/zendframework/commit/95c88c236e80b475141d227bdf7866ca40287dd1
cvssv3.1 8.8 https://github.com/zendframework/zendframework/commit/d1f259b9d6dbd7c3828360afcfdd3658f2163ea0
generic_textual HIGH https://github.com/zendframework/zendframework/commit/d1f259b9d6dbd7c3828360afcfdd3658f2163ea0
Reference id Reference type URL
https://framework.zend.com/security/advisory/ZF2013-03
https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/ZF2013-03.yaml
https://github.com/zendframework/zendframework
https://github.com/zendframework/zendframework/commit/0ef63e7db5fa30a79a58eb7c6466c6ab5c0618c5
https://github.com/zendframework/zendframework/commit/546074660e6e10b9191bf0dc62b524d99f71a5cd
https://github.com/zendframework/zendframework/commit/6d83777786b8e6171d82191ef917afd09fcb6601
https://github.com/zendframework/zendframework/commit/870741d0c01a24ff23f9e209c8d393bd3a4115e3
https://github.com/zendframework/zendframework/commit/95c88c236e80b475141d227bdf7866ca40287dd1
https://github.com/zendframework/zendframework/commit/d1f259b9d6dbd7c3828360afcfdd3658f2163ea0
GHSA-x2f4-8wxf-w3vf https://github.com/advisories/GHSA-x2f4-8wxf-w3vf
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://framework.zend.com/security/advisory/ZF2013-03
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/ZF2013-03.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/zendframework/zendframework
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/zendframework/zendframework/commit/0ef63e7db5fa30a79a58eb7c6466c6ab5c0618c5
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/zendframework/zendframework/commit/546074660e6e10b9191bf0dc62b524d99f71a5cd
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/zendframework/zendframework/commit/6d83777786b8e6171d82191ef917afd09fcb6601
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/zendframework/zendframework/commit/870741d0c01a24ff23f9e209c8d393bd3a4115e3
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/zendframework/zendframework/commit/95c88c236e80b475141d227bdf7866ca40287dd1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/zendframework/zendframework/commit/d1f259b9d6dbd7c3828360afcfdd3658f2163ea0
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-05-31T01:03:51.196523+00:00 GHSA Importer Import https://github.com/advisories/GHSA-x2f4-8wxf-w3vf 38.6.0