CVE-2016-4861

CRITICAL

Fedora < 1.12.19 - SQL Injection

Title source: rule

Description

The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation.

Exploits (1)

nomisec STUB

by KosukeShimofuji · poc

https://github.com/KosukeShimofuji/CVE-2016-4861

View Code ZIP pw:eip

References (8)

[Third Party Advisory, VDB Entry] http://jvn.jp/en/jp/JVN18926672/index.html

[Third Party Advisory, VDB Entry] http://jvndb.jvn.jp/jvndb/JVNDB-2016-000158

[Exploit, Technical Description, Vendor Advisory] https://framework.zend.com/security/advisory/ZF2016-03

[Mailing List] https://lists.debian.org/debian-lts-announce/2018/06/msg00012.html

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2JUKFTI6ABK7ZN7IEAGPCLAHCFANMID2/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N27AV6AL6B4KGEP3VIMIHQ5LFAKF5FTU/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UR5HXNGIUSSIZKMSZYMPBEPZEZTYFTIT/

[Third Party Advisory] https://security.gentoo.org/glsa/201804-10

Scores

CVSS v3 9.8

EPSS 0.0398

EPSS Percentile 88.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (5)

fedoraproject/fedora 23

fedoraproject/fedora 24

fedoraproject/fedora 25

zend/zend_framework < 1.12.19

zendframework/zendframework 0 - 1.12.20Packagist

Published Feb 17, 2017

Tracked Since Feb 18, 2026