Your submission was sent successfully! Close

CVE-2014-4914

Published: 29 December 2017

The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle parentheses, which allows remote attackers to conduct SQL injection attacks via unspecified vectors.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
zendframework
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist