First published: Fri Dec 29 2017
The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle parentheses, which allows remote attackers to conduct SQL injection attacks via unspecified vectors.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
debian/zendframework | | |
Zend Zend Framework | <1.12.7 | |
Debian Debian Linux | =7.0 | |
Debian Debian Linux | =8.0 | |
The severity of CVE-2014-4914 is critical with a severity value of 9.8.
The affected software for CVE-2014-4914 includes Zend Framework versions before 1.12.7 and Debian Linux versions 7.0 and 8.0.
CVE-2014-4914 allows remote attackers to conduct SQL injection attacks via unspecified vectors in the Zend_Db_Select::order function.
No remedies are available for CVE-2014-4914.