VulnerableCode Package Details - pkg:composer/zendframework/zendframework1@1.12.18

Search for packages

Vulnerability	Summary	Fixed by
VCID-2xx4-77e9-pfbb Aliases: ZF2016-02	Potential SQL injection The implementation of `ORDER BY` and `GROUP BY` in `Zend_Db_Select` of ZF1 is vulnerable by the following SQL injection.	1.12.19 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-bjvu-jg9w-mqdd Aliases: CVE-2016-6233 GHSA-p9hp-3gpv-52w3	SQL Injection The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern `[\w]*` in a regular expression.	1.12.19 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-c8kp-n8m3-2khe Aliases: GHSA-6fqw-j3vm-7f66	Zendframework1 Potential SQL injection in ORDER and GROUP functions The implementation of ORDER BY and GROUP BY in Zend_Db_Select remained prone to SQL injection when a combination of SQL expressions and comments were used. This security patch provides a comprehensive solution that identifies and removes comments prior to checking validity of the statement to ensure no SQLi vectors occur. The implementation of ORDER BY and GROUP BY in Zend_Db_Select of ZF1 is vulnerable by the following SQL injection: ``` $db = Zend_Db::factory(/* options here /); $select = new Zend_Db_Select($db); $select->from('p'); $select->order("MD5(\"a(\");DELETE FROM p2; #)"); // same with group() ``` The above $select will render the following SQL statement: ``` SELECT `p`. FROM `p` ORDER BY MD5("a(");DELETE FROM p2; #) ASC ``` instead of the correct one: ``` SELECT "p".* FROM "p" ORDER BY "MD5(""a("");DELETE FROM p2; #)" ASC ``` This security fix can be considered an improvement of the previous ZF2016-02 and ZF2014-04 advisories. As a final consideration, we recommend developers either never use user input for these operations, or filter user input thoroughly prior to invoking Zend_Db. You can use the Zend_Db_Select::quoteInto() method to filter the input data, as shown in this example: ``` $db = Zend_Db::factory(...); $input = "MD5(\"a(\");DELETE FROM p2; #)"; // user input can be an attack $order = $db->quoteInto("SQL statement for ORDER", $input); $select = new Zend_Db_Select($db); $select->from('p'); $select->order($order); // same with group() ```	1.12.20 Affected by 0 other vulnerabilities.
VCID-rc3w-5r97-k3b3 Aliases: ZF2016-03	Potential SQL injection in ORDER and GROUP functions The implementation of ORDER BY and GROUP BY in `Zend_Db_Select` is prone to SQL injection when a combination of SQL expressions and comments are used.	1.12.20 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-2xx4-77e9-pfbb
Aliases:
ZF2016-02

Potential SQL injection The implementation of `ORDER BY` and `GROUP BY` in `Zend_Db_Select` of ZF1 is vulnerable by the following SQL injection.

1.12.19
Affected by 2 other vulnerabilities.

VCID-bjvu-jg9w-mqdd
Aliases:
CVE-2016-6233
GHSA-p9hp-3gpv-52w3

SQL Injection The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern `[\w]*` in a regular expression.

1.12.19
Affected by 2 other vulnerabilities.

VCID-c8kp-n8m3-2khe
Aliases:
GHSA-6fqw-j3vm-7f66

Zendframework1 Potential SQL injection in ORDER and GROUP functions The implementation of ORDER BY and GROUP BY in Zend_Db_Select remained prone to SQL injection when a combination of SQL expressions and comments were used. This security patch provides a comprehensive solution that identifies and removes comments prior to checking validity of the statement to ensure no SQLi vectors occur. The implementation of ORDER BY and GROUP BY in Zend_Db_Select of ZF1 is vulnerable by the following SQL injection: ``` $db = Zend_Db::factory(/* options here */); $select = new Zend_Db_Select($db); $select->from('p'); $select->order("MD5(\"a(\");DELETE FROM p2; #)"); // same with group() ``` The above $select will render the following SQL statement: ``` SELECT `p`.* FROM `p` ORDER BY MD5("a(");DELETE FROM p2; #) ASC ``` instead of the correct one: ``` SELECT "p".* FROM "p" ORDER BY "MD5(""a("");DELETE FROM p2; #)" ASC ``` This security fix can be considered an improvement of the previous ZF2016-02 and ZF2014-04 advisories. As a final consideration, we recommend developers either never use user input for these operations, or filter user input thoroughly prior to invoking Zend_Db. You can use the Zend_Db_Select::quoteInto() method to filter the input data, as shown in this example: ``` $db = Zend_Db::factory(...); $input = "MD5(\"a(\");DELETE FROM p2; #)"; // user input can be an attack $order = $db->quoteInto("SQL statement for ORDER", $input); $select = new Zend_Db_Select($db); $select->from('p'); $select->order($order); // same with group() ```

1.12.20
Affected by 0 other vulnerabilities.

VCID-rc3w-5r97-k3b3
Aliases:
ZF2016-03

Potential SQL injection in ORDER and GROUP functions The implementation of ORDER BY and GROUP BY in `Zend_Db_Select` is prone to SQL injection when a combination of SQL expressions and comments are used.

1.12.20
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-b1da-n1u7-43hj	ZendFramework1 Potential Insufficient Entropy Vulnerability We discovered several methods used to generate random numbers in ZF1 that potentially used insufficient entropy. These random number generators are used in the following method calls: ``` Zend_Ldap_Attribute::createPassword Zend_Form_Element_Hash::_generateHash Zend_Gdata_HttpClient::filterHttpRequest Zend_Filter_Encrypt_Mcrypt::_srand Zend_OpenId::randomBytes ``` In each case, the methods were using rand() or mt_rand(), neither of which can generate cryptographically secure values. This could potentially lead to information disclosure should an attacker be able to brute force the random number generation. Moreover, we discovered a potential security issue in the usage of the [openssl_random_pseudo_bytes()](http://php.net/manual/en/function.openssl-random-pseudo-bytes.php) function in Zend_Crypt_Math::randBytes, reported in PHP BUG [#70014](https://bugs.php.net/bug.php?id=70014), and the security implications reported in a discussion [on the random_compat library.](https://github.com/paragonie/random_compat/issues/96)	GHSA-8xhv-gqm4-3w99
VCID-n2gy-93nd-gber	Potential Insufficient Entropy Vulnerability in ZF1.	ZF2016-01
VCID-sjw9-2fwe-5ybg	Potential Insufficient Entropy There are several methods used to generate random numbers in ZF1 that potentially used insufficient entropy. Moreover, there's a potential security issue in the usage of the `openssl_random_pseudo_bytes()` function in `Zend_Crypt_Math::randBytes`, reported in PHP BUG #70014, and the security implications reported in a discussion on the `random_compat` library.	ZF2016-11

Vulnerability

Summary

Aliases

VCID-b1da-n1u7-43hj

ZendFramework1 Potential Insufficient Entropy Vulnerability We discovered several methods used to generate random numbers in ZF1 that potentially used insufficient entropy. These random number generators are used in the following method calls: ``` Zend_Ldap_Attribute::createPassword Zend_Form_Element_Hash::_generateHash Zend_Gdata_HttpClient::filterHttpRequest Zend_Filter_Encrypt_Mcrypt::_srand Zend_OpenId::randomBytes ``` In each case, the methods were using rand() or mt_rand(), neither of which can generate cryptographically secure values. This could potentially lead to information disclosure should an attacker be able to brute force the random number generation. Moreover, we discovered a potential security issue in the usage of the [openssl_random_pseudo_bytes()](http://php.net/manual/en/function.openssl-random-pseudo-bytes.php) function in Zend_Crypt_Math::randBytes, reported in PHP BUG [#70014](https://bugs.php.net/bug.php?id=70014), and the security implications reported in a discussion [on the random_compat library.](https://github.com/paragonie/random_compat/issues/96)

GHSA-8xhv-gqm4-3w99

VCID-n2gy-93nd-gber

Potential Insufficient Entropy Vulnerability in ZF1.

ZF2016-01

VCID-sjw9-2fwe-5ybg

Potential Insufficient Entropy There are several methods used to generate random numbers in ZF1 that potentially used insufficient entropy. Moreover, there's a potential security issue in the usage of the `openssl_random_pseudo_bytes()` function in `Zend_Crypt_Math::randBytes`, reported in PHP BUG #70014, and the security implications reported in a discussion on the `random_compat` library.

ZF2016-11

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-06T05:05:21.209224+00:00	GitLab Importer	Affected by	VCID-c8kp-n8m3-2khe	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework1/GHSA-6fqw-j3vm-7f66.yml	38.6.0
2026-06-05T21:45:08.315285+00:00	GHSA Importer	Fixing	VCID-b1da-n1u7-43hj	https://github.com/advisories/GHSA-8xhv-gqm4-3w99	38.6.0
2026-06-04T20:07:35.283302+00:00	GitLab Importer	Affected by	VCID-bjvu-jg9w-mqdd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework1/CVE-2016-6233.yml	38.6.0
2026-06-04T20:06:23.030386+00:00	GitLab Importer	Affected by	VCID-rc3w-5r97-k3b3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework1/ZF2016-03.yml	38.6.0
2026-06-04T20:06:10.508049+00:00	GitLab Importer	Affected by	VCID-2xx4-77e9-pfbb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework1/ZF2016-02.yml	38.6.0
2026-06-04T16:51:01.186866+00:00	GithubOSV Importer	Fixing	VCID-b1da-n1u7-43hj	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-8xhv-gqm4-3w99/GHSA-8xhv-gqm4-3w99.json	38.6.0
2026-06-04T16:21:56.150076+00:00	GitLab Importer	Fixing	VCID-b1da-n1u7-43hj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework1/GHSA-8xhv-gqm4-3w99.yml	38.6.0
2026-06-02T04:36:32.746914+00:00	GitLab Importer	Fixing	VCID-n2gy-93nd-gber	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework1/ZF2016-01.yml	38.6.0
2026-06-02T04:36:32.725303+00:00	GitLab Importer	Fixing	VCID-sjw9-2fwe-5ybg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework1/ZF2016-11.yml	38.6.0