CVE-2014-4914
NONE EPSS 81.3%
Published Dec 29, 2017 (8y ago)
Last Modified Jun 17, 2026 (2w ago)
Description
The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle parentheses, which allows remote attackers to conduct SQL injection attacks via unspecified vectors.
Threat Intelligence
EPSS Exploit Probability
81.3% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-89 SQL Injection
Affected Products 3
References 6
- framework.zend.com http://framework.zend.com/security/advisory/ZF2014-04
- jvn.jp http://jvn.jp/en/jp/JVN71730320/index.html
- openwall.com http://openwall.com/lists/oss-security/2014/07/11/4
- secunia.com http://secunia.com/advisories/58847
- securityfocus.com http://www.securityfocus.com/bid/68031
- debian.org https://www.debian.org/security/2015/dsa-3265
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.