CVE-2014-4914

NONE EPSS 81.3%
Published Dec 29, 2017 (8y ago)
Last Modified Jun 17, 2026 (2w ago)

Description

The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle parentheses, which allows remote attackers to conduct SQL injection attacks via unspecified vectors.

Threat Intelligence

EPSS Exploit Probability
81.3% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-89 SQL Injection

Affected Products 3

Vendor | Product | Version | Range
zend | zend_framework | * | <1.12.7
debian | debian_linux | 7.0 | any
debian | debian_linux | 8.0 | any

References 6

  • framework.zend.com http://framework.zend.com/security/advisory/ZF2014-04
    Vendor Advisory
  • jvn.jp http://jvn.jp/en/jp/JVN71730320/index.html
    Third Party Advisory, VDB Entry
  • openwall.com http://openwall.com/lists/oss-security/2014/07/11/4
    Mailing List, Third Party Advisory
  • secunia.com http://secunia.com/advisories/58847
    Third Party Advisory
  • securityfocus.com http://www.securityfocus.com/bid/68031
    Third Party Advisory, VDB Entry
  • debian.org https://www.debian.org/security/2015/dsa-3265
    Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.