VDB
GCVE-110-MAGEIA-2016-352
GCVE-110-MAGEIA-2016-352
Advisory Published
The implementation of ORDER BY and GROUP BY in Zend_Db_Select remained prone
to SQL injection when a combination of SQL expressions and comments were used.
This security patch provides a comprehensive solution that identifies and
removes comments prior to checking validity of the statement to ensure no SQLi
vectors occur (CVE-2016-4861).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | php-ZendFramework | 1.12.20-1.mga5 (unaffected), 0 (affected) | — |
Browse GCVE Records
72,409 records in the GCVE database · Updated July 14, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.