Critical severity9.8NVD Advisory· Published Feb 17, 2017· Updated Jun 17, 2026
CVE-2016-6233
CVE-2016-6233
Description
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\w]* in a regular expression.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
zendframework/zendframeworkPackagist | < 1.12.19 | 1.12.19 |
zendframework/zendframework1Packagist | < 1.12.19 | 1.12.19 |
Affected products
6cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*
- ghsa-coords2 versions
< 1.12.19+ 1 more
- (no CPE)range: < 1.12.19
- (no CPE)range: < 1.12.19
Patches
Vulnerability mechanics
References
13- framework.zend.com/security/advisory/ZF2016-02nvdExploitTechnical DescriptionVendor AdvisoryWEB
- www.securityfocus.com/bid/91802nvdThird Party AdvisoryVDB Entry
- github.com/advisories/GHSA-p9hp-3gpv-52w3ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2016-6233ghsaADVISORY
- github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2016-6233.yamlghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2JUKFTI6ABK7ZN7IEAGPCLAHCFANMID2ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N27AV6AL6B4KGEP3VIMIHQ5LFAKF5FTUghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UR5HXNGIUSSIZKMSZYMPBEPZEZTYFTITghsaWEB
- security.gentoo.org/glsa/201804-10nvdWEB
- web.archive.org/web/20210123152547/http://www.securityfocus.com/bid/91802ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2JUKFTI6ABK7ZN7IEAGPCLAHCFANMID2/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N27AV6AL6B4KGEP3VIMIHQ5LFAKF5FTU/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UR5HXNGIUSSIZKMSZYMPBEPZEZTYFTIT/nvd
News mentions
0No linked articles in our index yet.