VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-uvgx-4m6v-2bg7

Essentials
Severities (17)
References (11)
Severity details (16)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-uvgx-4m6v-2bg7
Aliases	CVE-2015-7695 GHSA-2hvh-c5c2-vj85
Summary	SQL injection vector using null byte for PDO The PDO adapters of Zend Framework 1 do not filter null bytes values in SQL statements. A PDO adapter can treat null bytes in a query as a string terminator, allowing an attacker to add arbitrary SQL following a null byte, and thus create a SQL injection. This only impacts MsSql and SQLite adapters.
Status	Published
Exploitability	0.5
Weighted Severity	9.0
Risk	4.5
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-89	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3.1	9.8	http://framework.zend.com/security/advisory/ZF2015-08
generic_textual	CRITICAL	http://framework.zend.com/security/advisory/ZF2015-08
epss	0.02248	https://api.first.org/data/v1/epss?cve=CVE-2015-7695
cvssv3.1	9.8	https://github.com/zendframework/zf1
generic_textual	CRITICAL	https://github.com/zendframework/zf1
cvssv3.1	9.8	https://nvd.nist.gov/vuln/detail/CVE-2015-7695
generic_textual	CRITICAL	https://nvd.nist.gov/vuln/detail/CVE-2015-7695
cvssv3.1	9.8	http://www.debian.org/security/2015/dsa-3369
generic_textual	CRITICAL	http://www.debian.org/security/2015/dsa-3369
cvssv3.1	9.8	http://www.openwall.com/lists/oss-security/2015/09/30/6
generic_textual	CRITICAL	http://www.openwall.com/lists/oss-security/2015/09/30/6
cvssv3.1	9.8	http://www.openwall.com/lists/oss-security/2015/09/30/8
generic_textual	CRITICAL	http://www.openwall.com/lists/oss-security/2015/09/30/8
cvssv3.1	9.8	http://www.openwall.com/lists/oss-security/2015/10/11/3
generic_textual	CRITICAL	http://www.openwall.com/lists/oss-security/2015/10/11/3
cvssv3.1	9.8	http://www.securityfocus.com/bid/76784
generic_textual	CRITICAL	http://www.securityfocus.com/bid/76784

Reference id	Reference type	URL
		http://framework.zend.com/security/advisory/ZF2015-08
		https://api.first.org/data/v1/epss?cve=CVE-2015-7695
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5723
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7695
		https://github.com/zendframework/zf1
		https://nvd.nist.gov/vuln/detail/CVE-2015-7695
		http://www.debian.org/security/2015/dsa-3369
		http://www.openwall.com/lists/oss-security/2015/09/30/6
		http://www.openwall.com/lists/oss-security/2015/09/30/8
		http://www.openwall.com/lists/oss-security/2015/10/11/3
		http://www.securityfocus.com/bid/76784

No exploits are available.

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://framework.zend.com/security/advisory/ZF2015-08

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/zendframework/zf1

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2015-7695

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.debian.org/security/2015/dsa-3369

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2015/09/30/6

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2015/09/30/8

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2015/10/11/3

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.securityfocus.com/bid/76784

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.84884
EPSS Score	0.02248
Published At	June 4, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-02T04:36:35.848284+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework1/CVE-2015-7695.yml	38.6.0