Vulnerability Details : CVE-2016-4861
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation.
Vulnerability category: Sql Injection
Exploit prediction scoring system (EPSS) score for CVE-2016-4861
0.81%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 82 %
Percentile, the proportion of vulnerabilities that are scored at or less