PT-2017-8936 · Zend · Zend Framework
Peter Ocallaghan
·
Publicado
2016-08-03
·
Atualizado
2022-05-14
·
CVE-2016-6233
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Zend Framework versions prior to 1.12.19
Description
The issue allows remote attackers to conduct SQL injection attacks via vectors related to the use of the character pattern
[w]* in a regular expression, specifically in the order and group methods of Zend Db Select.Recommendations
For versions prior to 1.12.19, update to version 1.12.19 or later to resolve the issue.
Exploit
Correção
SQL injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Zend Framework