Search for packages
| purl | pkg:ebuild/dev-php/ZendFramework@1.12.9 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-bjvu-jg9w-mqdd
Aliases: CVE-2016-6233 GHSA-p9hp-3gpv-52w3 |
SQL Injection The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern `[\w]*` in a regular expression. | There are no reported fixed by versions. |
|
VCID-qrb6-ar5k-eqha
Aliases: CVE-2016-10034 GHSA-r9mw-gwx9-v3h5 |
Command Injection The `setFrom` function in the Sendmail adapter in the zend-mail component might allow remote attackers to pass extra parameters to the `mail` command and consequently execute arbitrary code via a `\"` in a crafted e-mail address. | There are no reported fixed by versions. |
|
VCID-xrjj-2a2s-efba
Aliases: CVE-2016-4861 GHSA-xfjq-w3cw-h5fq |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-04T19:13:07.268019+00:00 | Gentoo Importer | Affected by | VCID-bjvu-jg9w-mqdd | https://security.gentoo.org/glsa/201804-10 | 38.6.0 |
| 2026-06-04T19:13:07.252506+00:00 | Gentoo Importer | Affected by | VCID-xrjj-2a2s-efba | https://security.gentoo.org/glsa/201804-10 | 38.6.0 |
| 2026-06-04T19:13:07.236967+00:00 | Gentoo Importer | Affected by | VCID-qrb6-ar5k-eqha | https://security.gentoo.org/glsa/201804-10 | 38.6.0 |