Exploitation Summary
EIP tracks 1 public exploit for CVE-2011-1939. PoCs published by Anthony Ferrara.
AI-analyzed exploit summary: This exploit demonstrates a SQL injection vulnerability in Zend Framework by leveraging a character encoding bypass (GBK) to inject malicious SQL queries. It bypasses security restrictions by manipulating the PDO quote function with a specially crafted string.
Description
SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction with PDO_MySql in PHP before 5.3.6.
Exploits (1)
References (7)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H