CVE-2016-4861

Name of the Vulnerable Software and Affected Versions Zend Framework versions prior to 1.12.20

Description The issue concerns the order and group methods in Zend Db Select, which might allow remote attackers to conduct SQL injection attacks. This is due to the failure to remove comments from an SQL statement before validation.

Recommendations For versions prior to 1.12.20, update to version 1.12.20 or later to resolve the issue. As a temporary workaround, consider validating and sanitizing user input to minimize the risk of SQL injection attacks. Restrict access to the Zend Db Select component to minimize the risk of exploitation.