Description
Zend Framework Allows SQL Injection
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation.
References
- https://nvd.nist.gov/vuln/detail/CVE-2016-4861
- https://framework.zend.com/security/advisory/ZF2016-03
- https://lists.debian.org/debian-lts-announce/2018/06/msg00012.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2JUKFTI6ABK7ZN7IEAGPCLAHCFANMID2
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N27AV6AL6B4KGEP3VIMIHQ5LFAKF5FTU
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UR5HXNGIUSSIZKMSZYMPBEPZEZTYFTIT
- https://security.gentoo.org/glsa/201804-10
- http://jvn.jp/en/jp/JVN18926672/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2016-000158
Packages
- zendframework/zendframework: affected versions < 1.12.20; fixed in 1.12.20