First published: Thu Feb 16 2017(Updated: )
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation.
Credit: vultures@jpcert.or.jp vultures@jpcert.or.jp
Affected Software | Affected Version | How to fix |
---|---|---|
Fedoraproject Fedora | =23 | |
Fedoraproject Fedora | =24 | |
Fedoraproject Fedora | =25 | |
Zend Zend Framework | <=1.12.19 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.