GHSA-p9hp-3gpv-52w3

Source

https://github.com/advisories/GHSA-p9hp-3gpv-52w3

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-p9hp-3gpv-52w3/GHSA-p9hp-3gpv-52w3.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-p9hp-3gpv-52w3

Aliases

CVE-2016-6233

Published

2022-05-14T02:19:45Z

Modified

2024-02-17T05:21:00.346329Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Zend Framework Allows SQL Injection

Details

The (1) order and (2) group methods in ZendDbSelect in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\w]* in a regular expression.

Database specific

{
    "nvd_published_at": "2017-02-17T02:59:00Z",
    "cwe_ids": [
        "CWE-89"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-28T23:22:04Z"
}

References

Affected packages

Packagist / zendframework/zendframework

Package

Name: zendframework/zendframework
Purl: pkg:composer/zendframework/zendframework

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.12.19

Packagist / zendframework/zendframework1

Package

Name: zendframework/zendframework1
Purl: pkg:composer/zendframework/zendframework1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.12.19

Affected versions

1.*

1.12.0

1.12.1

1.12.2

1.12.3

1.12.4

1.12.5

1.12.6

1.12.7

1.12.8

1.12.9

1.12.10

1.12.11

1.12.12

1.12.13

1.12.14

1.12.15

1.12.16

1.12.17

1.12.18