Zend Framework SQL Injection Vulnerability (CVE-2016-4861)
Publish Date: 12 de октября de 2016
Severity: : Critical
DESCRIPTION
Zend Framework is prone to an SQL injection vulnerability by the implementation of ORDER BY and GROUP BY in Zend_Db_Select, when a combination of SQL expressions and comments are used.
INFORMATION EXPOSURE
Apply associated Trend Micro DPI Rules.
SOLUTION
Trend Micro Deep Security DPI Rule Number: 1000608