zendframework/zendframework1 Security Advisories for 1.12.9 (8)
- Potential SQL injection in ORDER and GROUP functions of ZF1
  Affected version: <1.12.20
  Reported by: FriendsOfPHP/security-advisories
- [CRITICAL] Potential SQL injection in ORDER and GROUP statements of Zend_Db_Select
  PKSA-8gbh-rfqt-hz91 CVE-2016-6233 GHSA-p9hp-3gpv-52w3
  Affected version: <1.12.19
  Reported by: GitHub, FriendsOfPHP/security-advisories
- Potential Insufficient Entropy Vulnerability in ZF1
  Affected version: >=1.12.0,<1.12.18
  Reported by: FriendsOfPHP/security-advisories
- Potential Information Disclosure and Insufficient Entropy vulnerability in Zend\Captcha\Word
  Affected version: >=1.12.0,<1.12.17
  Reported by: FriendsOfPHP/security-advisories
- [HIGH] Filesystem Permissions Issues in Multiple Components
  PKSA-gk48-4tyq-1mz2 CVE-2015-5723 GHSA-pw5c-xqf2-6xc2
  Affected version: >=1.12.0,<1.12.16
  Reported by: GitHub, FriendsOfPHP/security-advisories
- Potential SQL injection vector using null byte for PDO (MsSql, SQLite)
  Affected version: >=1.12.0,<1.12.16
  Reported by: FriendsOfPHP/security-advisories
- [MEDIUM] XXE/XEE vector when using ZendXml on multibyte payloads
  PKSA-wkm6-gzx7-1qtv CVE-2015-5161 GHSA-xp8p-9rq5-4wgv
  Affected version: >=1.12.0,<1.12.14
  Reported by: GitHub, FriendsOfPHP/security-advisories
- [MEDIUM] Potential CRLF injection attacks in mail and HTTP headers
  PKSA-t57f-zdqy-25cs CVE-2015-3154 GHSA-5957-5crx-79jx
  Affected version: >=1.12.0,<1.12.12
  Reported by: GitHub, FriendsOfPHP/security-advisories