The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework prior to 1.12.20 might allow remote malicious users to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fedoraproject fedora 25 |
||
fedoraproject fedora 24 |
||
fedoraproject fedora 23 |
||
zend zend framework |