| Max CVSS | 7.5 | Min CVSS | 7.5 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2016-6233 | 7.5 |
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\w]* in a regular expression.
|
21-10-2018 - 10:29 | 17-02-2017 - 02:59 | |
| CVE-2016-4861 | 7.5 |
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation.
|
21-10-2018 - 10:29 | 17-02-2017 - 02:59 | |
| CVE-2016-10034 | 7.5 |
The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently e
|
21-10-2018 - 10:29 | 30-12-2016 - 19:59 |