ZendFramework is vulnerable to SQL Injection. The order and group methods in library/Zend/Db/Select.php
does not sanitize the user input properly, allowing a malicious user to inject and execute arbitrary SQL queries.
CPE | Name | Operator | Version |
---|---|---|---|
zendframework/zendframework1 | le | 1.12.18 |