Vulnerability Name:

CVE-2016-4861

Assigned:2016-09-15
Published:2016-09-15
Updated:2018-06-29
Summary:The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation.
CVSS v3 Severity:9.8 Critical (CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
9.4 Critical (Temporal CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
8.1 High (CCN CVSS v3 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.7 High (CCN Temporal CVSS v3 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-89
References:Source: JVN
Type: VENDOR_ADVISORY
JVN#18926672

Source: JVNDB
Type: VENDOR_ADVISORY
JVNDB-2016-000158

Source: XF
Type: UNKNOWN
zendframework-cve20164861-sql-injection(116919)

Source: CONFIRM
Type: VENDOR_ADVISORY
https://framework.zend.com/security/advisory/ZF2016-03

Source: MLIST
Type: UNKNOWN
[debian-lts-announce] 20180628 [SECURITY] [DLA 1403-1] zendframework security update

Source: FEDORA
Type: VENDOR_ADVISORY
FEDORA-2016-7f193a0c59

Source: FEDORA
Type: VENDOR_ADVISORY
FEDORA-2016-77e5105570

Source: FEDORA
Type: VENDOR_ADVISORY
FEDORA-2016-666d95d1d5

Vulnerable Configuration:Configuration 1:
  • cpe:/o:fedoraproject:fedora:23:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:24:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:25:*:*:*:*:*:*:*

  • Configuration 2:
  • cpe:/a:zend:zend_framework:1.12.19:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:zend:zend_framework:1.12.19:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:com.ubuntu.precise:def:20164861000
    V
    CVE-2016-4861 on Ubuntu 12.04 LTS (precise) - medium.
    2017-02-16
    oval:com.ubuntu.bionic:def:20164861000
    V
    CVE-2016-4861 on Ubuntu 18.04 LTS (bionic) - medium.
    2017-02-16
    oval:com.ubuntu.trusty:def:20164861000
    V
    CVE-2016-4861 on Ubuntu 14.04 LTS (trusty) - medium.
    2017-02-16
    oval:com.ubuntu.xenial:def:20164861000
    V
    CVE-2016-4861 on Ubuntu 16.04 LTS (xenial) - medium.
    2017-02-16
    oval:com.ubuntu.artful:def:20164861000
    V
    CVE-2016-4861 on Ubuntu 17.10 (artful) - medium.
    2017-02-16
    BACK
    fedoraproject fedora 23
    fedoraproject fedora 24
    fedoraproject fedora 25
    zend zend framework 1.12.19
    zend zend framework 1.12.19