The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2017-02-16T18:00:00

Updated: 2024-08-06T00:46:38.449Z

Reserved: 2016-05-17T00:00:00

Link: CVE-2016-4861

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-02-17T02:59:13.013

Modified: 2024-11-21T02:53:07.763

Link: CVE-2016-4861

cve-icon Redhat

No data.