Your submission was sent successfully! Close

CVE-2014-4914

Published: 29 December 2017

The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle parentheses, which allows remote attackers to conduct SQL injection attacks via unspecified vectors.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
zendframework
Launchpad, Ubuntu, Debian
lucid Ignored
(reached end-of-life)
precise Does not exist

saucy Does not exist

trusty Does not exist

upstream Needs triage