Description
Zend Framework Allows SQL Injection
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\w]* in a regular expression.
References
- https://nvd.nist.gov/vuln/detail/CVE-2016-6233
- https://framework.zend.com/security/advisory/ZF2016-02
- https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2016-6233.yaml
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2JUKFTI6ABK7ZN7IEAGPCLAHCFANMID2
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N27AV6AL6B4KGEP3VIMIHQ5LFAKF5FTU
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UR5HXNGIUSSIZKMSZYMPBEPZEZTYFTIT
- https://security.gentoo.org/glsa/201804-10
- https://web.archive.org/web/20210123152547/http://www.securityfocus.com/bid/91802
Packages
- zendframework/zendframework: affected < 1.12.19, fixed in 1.12.19
- zendframework/zendframework1: affected < 1.12.19, fixed in 1.12.19