The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation.
References
Configurations
History
07 Nov 2023, 02:32
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2017-02-17 02:59
Updated : 2023-12-10 12:01
NVD link : CVE-2016-4861
Mitre link : CVE-2016-4861
CVE.ORG link : CVE-2016-4861
JSON object : View
Products Affected
fedoraproject
- fedora
zend
- zend_framework
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')