CVE-2014-4914 in Zend Frameworkinfo

Summary

The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle parentheses, which allows remote attackers to conduct SQL injection attacks via unspecified vectors.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Reservation

07/11/2014

Disclosure

12/29/2017

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
111160	Zend Framework order sql injection	89	Not defined	Official fix	CVE-2014-4914

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

MITRE
NVD
CVE Details

◂ PreviousOverviewNext ▸

Do you need the next level of professionalism?

Upgrade your account now!