9 matches found
Zendframework1 Potential SQL injection in ORDER and GROUP functions
The implementation of ORDER BY and GROUP BY in ZendDbSelect remained prone to SQL injection when a combination of SQL expressions and comments were used. This security patch provides a comprehensive solution that identifies and removes comments prior to checking validity of the statement to ensur...
GHSA-6FQW-J3VM-7F66 Zendframework1 Potential SQL injection in ORDER and GROUP functions
The implementation of ORDER BY and GROUP BY in ZendDbSelect remained prone to SQL injection when a combination of SQL expressions and comments were used. This security patch provides a comprehensive solution that identifies and removes comments prior to checking validity of the statement to ensur...
GHSA-2X36-QHX3-7M5F ZendFramework1 Potential SQL injection in the ORDER implementation of Zend_Db_Select
The implementation of the ORDER BY SQL statement in ZendDbSelect of Zend Framework 1 contains a potential SQL injection when the query string passed contains parentheses. For instance, the following code is affected by this issue: $db = ZendDb::factory / options here / ; $select = $db-select...
ZendFramework1 Potential SQL injection in the ORDER implementation of Zend_Db_Select
The implementation of the ORDER BY SQL statement in ZendDbSelect of Zend Framework 1 contains a potential SQL injection when the query string passed contains parentheses. For instance, the following code is affected by this issue: $db = ZendDb::factory / options here / ; $select = $db-select...
CVE-2016-6233
The 1 order and 2 group methods in ZendDbSelect in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern \w in a regular expression...
Sql injection
The 1 order and 2 group methods in ZendDbSelect in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation...
CVE-2016-6233
The 1 order and 2 group methods in ZendDbSelect in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern \w in a regular expression...
Potential SQL injection in ORDER and GROUP statements of Zend_Db_Select
More info at https://framework.zend.com/security/advisory/ZF2016-02...
Potential SQL injection in the ORDER implementation of Zend_Db_Select
More info at https://framework.zend.com/security/advisory/ZF2014-04...