CVE-2016-4861
Published: 17 February 2017
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation.
Priority
Medium
CVSS 3 base score: 9.8
Status
| Package | Release | Status |
|---|---|---|
|
zend-framework Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
| bionic |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| precise |
Does not exist
(precise was needs-triage)
|
|
| trusty |
Does not exist
(trusty was needed)
|
|
| upstream |
Released
(1.12.20)
|
|
| xenial |
Ignored
(end of standard support, was needed)
|
|
| yakkety |
Ignored
(reached end-of-life)
|
|
| zesty |
Does not exist
|
|
|
zendframework Launchpad, Ubuntu, Debian |
artful |
Ignored
(reached end-of-life)
|
| bionic |
Not vulnerable
(1.12.20+dfsg-1)
|
|
| cosmic |
Not vulnerable
(1.12.20+dfsg-1)
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needed
|
|
| wily |
Does not exist
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Ignored
(reached end-of-life)
|