[Forgot Password]
Login  Register Subscribe

23631

 
 

126951

 
 

99602

 
 

909

 
 

80198

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2014-4914

Date: (C)2017-12-29   (M)2018-01-05 


The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle parentheses, which allows remote attackers to conduct SQL injection attacks via unspecified vectors.

CVSS Score: 5.8Access Vector:
Exploit Score: Access Complexity:
Impact Score: Authentication:
 Confidentiality:
 Integrity:
 Availability:





Reference:
SECUNIA-58847
BID-68031
DSA-3265
JVN#71730320
http://openwall.com/lists/oss-security/2014/07/11/4
http://framework.zend.com/security/advisory/ZF2014-04

OVAL    8
oval:org.secpod.oval:def:107223
oval:org.secpod.oval:def:109129
oval:org.secpod.oval:def:107832
oval:org.secpod.oval:def:602115
...

© 2013 SecPod Technologies