Zend · Zend Framework · CVE-2014-4914
Name of the Vulnerable Software and Affected Versions:
Zend Framework versions prior to 1.12.7
Description:
The issue concerns the Zend_Db_Select::order() function, which does not properly handle parentheses. This allows remote attackers to conduct SQL injection attacks via unspecified vectors.
Recommendations:
For versions prior to 1.12.7, update to version 1.12.7 or later to resolve the issue.
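
Alongside the upgrade, an application can avoid handing request data to order() at all by mapping a sort key to a fixed column specification. The sketch below is an added example, not code from Zend Framework or from this advisory. It assumes the sort column and direction arrive as request parameters; the function name, column map and sample inputs are hypothetical.

```php
<?php
/**
 * Map a user-supplied sort key and direction to a fixed ORDER BY spec.
 * Only keys present in $allowed are accepted; the returned string is
 * built from server-side constants, never from the request value itself.
 * Returns null when the key is not on the allowlist.
 */
function safeOrderSpec($sortKey, $direction, array $allowed)
{
    if (!is_string($sortKey) || !array_key_exists($sortKey, $allowed)) {
        return null;
    }
    // Anything other than an explicit DESC falls back to ASC.
    $dir = (is_string($direction) && strtoupper($direction) === 'DESC')
        ? 'DESC'
        : 'ASC';
    return $allowed[$sortKey] . ' ' . $dir;
}

// Hypothetical allowlist: public sort key => real column expression.
$allowed = array(
    'name'    => 'u.name',
    'created' => 'u.created_at',
);

// Constructed sample inputs (sort key, direction).
$samples = array(
    array('name', 'desc'),        // accepted: u.name DESC
    array('created', 'sideways'), // accepted, direction normalised to ASC
    array('count(id)', 'asc'),    // not on the allowlist: rejected
);

foreach ($samples as $s) {
    $spec = safeOrderSpec($s[0], $s[1], $allowed);
    echo $s[0], ' => ', ($spec === null ? 'rejected' : $spec), "\n";
    // In the application, pass only a non-null $spec on:
    // if ($spec !== null) { $select->order($spec); }
}
```

Because the value passed to order() is always one of the constants in the map, how the framework treats parentheses in that argument no longer depends on request input.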