2017-12-29 15:29:00 2018-01-17 17:50:32

The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle parentheses, which allows remote attackers to conduct SQL injection attacks via unspecified vectors.

Vector: NETWORK

Complexity: LOW

Authentication: NONE

Confidentiality: PARTIAL

Integrity: PARTIAL

Availability: PARTIAL

Zend Framework 1.0.0, Zend Framework 1.0.0 Release Candidate 1, Zend Framework 1.0.0 Release Candidate, Zend Framework 1.0.0 Release Candidate 2a, Zend Framework 1.0.0 Release Candidate 3, Zend Framework 1.0.1, Zend Framework 1.0.2, Zend Framework 1.0.3, Zend Framework 1.0.4, Zend Framework 1.5.0, Zend Framework 1.5.0pl, Zend Framework 1.5.0PR, Zend Framework 1.5.0 Release Candidate 1, Zend Framework 1.5.0 Release Candidate 2, Zend Framework 1.5.0 Release Candidate 3, Zend Framework 1.5.1, Zend Framework 1.5.2, Zend Framework 1.5.3, Zend Framework 1.6.0, Zend Framework 1.6.0 Release Candidate 1, Zend Framework 1.6.0 Release Candidate 2, Zend Framework 1.6.0 Release Candidate 3, Zend Framework 1.6.1, Zend Framework 1.6.2, Zend Framework 1.7.0, Zend Framework 1.7.0pl1, Zend Framework 1.7.0pr, Zend Framework 1.7.1, Zend Framework 1.7.2, Zend Framework 1.7.3, Zend Framework 1.7.3pl1, Zend Framework 1.7.4, Zend Framework 1.7.5, Zend Framework 1.7.6, Zend Framework 1.7.7, Zend Framework 1.7.8, Zend Framework 1.7.9, Zend Framework 1.8.0, Zend Framework 1.8.0a1, Zend Framework 1.8.0b1, Zend Framework 1.8.1, Zend Framework 1.8.2, Zend Framework 1.8.3, Zend Framework 1.8.4, Zend Framework 1.8.4pl1, Zend Framework 1.8.5, Zend Framework 1.9.0, Zend Framework 1.9.0a1, Zend Framework 1.9.0b1, Zend Framework 1.9.0rc1, Zend Framework 1.9.1, Zend Framework 1.9.2, Zend Framework 1.9.3, Zend Framework 1.9.3pl1, Zend Framework 1.9.4, Zend Framework 1.9.5, Zend Framework 1.9.6, Zend Framework 1.9.7, Zend Framework 1.9.8, Zend Framework 1.10.0, Zend Framework 1.10.0alpha1, Zend Framework 1.10.0beta1, Zend Framework 1.10.0 Release Candidate 1, Zend Framework 1.10.1, Zend Framework 1.10.2, Zend Framework 1.10.3, Zend Framework 1.10.4, Zend Framework 1.10.5, Zend Framework 1.10.6, Zend Framework 1.10.7, Zend Framework 1.10.8, Zend Framework 1.10.9, Zend Framework 1.11.0, Zend Framework 1.11.0b1, Zend Framework 1.11.0 Release Candidate 1, Zend Framework 1.11.1, Zend Framework 1.11.2, Zend Framework 1.11.3, Zend Framework 1.11.4, Zend Framework 1.11.5, Zend Framework 1.11.6, Zend Framework 1.11.7, Zend Framework 1.11.8, Zend Framework 1.11.9, Zend Framework 1.11.10, Zend Framework 1.11.11, Zend Framework 1.11.12, Zend Framework 1.11.13, Zend Framework 1.12.0, Zend Framework 1.12.0 Release Candidate 1, Zend Framework 1.12.0 Release Candidate 2, Zend Framework 1.12.0 Release Candidate 3, Zend Framework 1.12.0 Release Candidate 4, Zend Framework 1.12.4, Zend Framework 1.12.6