VDB

GCVE-110-MAGEIA-2016-352

GCVE-110-MAGEIA-2016-352
Advisory Published
Vulnetix · Advisory published October 21, 2016
The implementation of ORDER BY and GROUP BY in Zend_Db_Select remained prone to SQL injection when a combination of SQL expressions and comments were used. This security patch provides a comprehensive solution that identifies and removes comments prior to checking validity of the statement to ensure no SQLi vectors occur (CVE-2016-4861).

Affected Products

VendorProductVersionsPlatforms
Mageiaphp-ZendFramework1.12.20-1.mga5 (unaffected), 0 (affected)

Browse GCVE Records

72,409 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›