Zend · Zend Framework · CVE-2016-6233
**Name of the Vulnerable Software and Affected Versions**
Zend Framework versions prior to 1.12.19
**Description**
The issue allows remote attackers to conduct SQL injection attacks via vectors related to the use of the character pattern `[\w]*` in a regular expression, specifically in the `order` and `group` methods of `Zend_Db_Select`.
**Recommendations**
For versions prior to 1.12.19, update to version 1.12.19 or later to resolve the issue.