CVE-2016-4861

CVE-2016-4861

The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation.

Source: CVE-2016-4861

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다