SQL Injection Vulnerability in Zend_Db_Select::order Function

SQL Injection Vulnerability in Zend_Db_Select::order Function

CVE-2014-4914 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle parentheses, which allows remote attackers to conduct SQL injection attacks via unspecified vectors.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.