The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework prior to 1.12.19 might allow remote malicious users to conduct SQL injection attacks via vectors related to use of the character pattern [\w]* in a regular expression.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fedoraproject fedora 25 |
||
fedoraproject fedora 24 |
||
fedoraproject fedora 23 |
||
zend zend framework |