{"id":"CVE-2016-6233","details":"The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\\w]* in a regular expression.","aliases":["GHSA-p9hp-3gpv-52w3"],"modified":"2026-04-16T06:22:51.014653025Z","published":"2017-02-17T02:59:13.500Z","references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2JUKFTI6ABK7ZN7IEAGPCLAHCFANMID2/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N27AV6AL6B4KGEP3VIMIHQ5LFAKF5FTU/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UR5HXNGIUSSIZKMSZYMPBEPZEZTYFTIT/"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201804-10"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/91802"},{"type":"EVIDENCE","url":"https://framework.zend.com/security/advisory/ZF2016-02"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"23"}]},{"events":[{"introduced":"0"},{"last_affected":"24"}]},{"events":[{"introduced":"0"},{"last_affected":"25"}]},{"events":[{"introduced":"0"},{"last_affected":"1.12.19"}]},{"events":[{"introduced":"0"},{"fixed":"1.12.19"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-6233.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}