[CRITICAL] SQL injection vector when manually quoting values for sqlsrv extension, using null byte

PKSA-7r13-9y1m-j63k CVE-2014-8089 GHSA-qh9w-r7g5-q939

Affected package: zendframework/zendframework1

Affected version: >=1.12.0,<1.12.9

Reported by:
GitHub, FriendsOfPHP/security-advisories