The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: jpcert
Published: 2017-02-16T18:00:00
Updated: 2024-08-06T00:46:38.449Z
Reserved: 2016-05-17T00:00:00
Link: CVE-2016-4861
Vulnrichment
No data.
NVD
Status : Modified
Published: 2017-02-17T02:59:13.013
Modified: 2024-11-21T02:53:07.763
Link: CVE-2016-4861
Redhat
No data.