[CRITICAL] Zend Framework SQL injection vector using null byte for PDO

PKSA-4bm5-6799-t9s8 CVE-2015-7695 GHSA-2hvh-c5c2-vj85

Affected version: <1.12.16

Reported by:
GitHub

[MEDIUM] Potential SQL injection in ORDER and GROUP functions of ZF1

PKSA-nfx8-h3yx-xf86 GHSA-vvm3-rv48-j3g5

Affected version: <1.12.20

Reported by:
GitHub, FriendsOfPHP/security-advisories

[CRITICAL] Potential SQL injection in ORDER and GROUP statements of Zend_Db_Select

PKSA-8gbh-rfqt-hz91 CVE-2016-6233 GHSA-p9hp-3gpv-52w3

Affected version: <1.12.19

Reported by:
GitHub, FriendsOfPHP/security-advisories

[HIGH] Potential Insufficient Entropy Vulnerability in ZF1

PKSA-pyvt-9h93-zmzx GHSA-229x-22xc-2f2w

Affected version: >=1.12.0,<1.12.18

Reported by:
GitHub, FriendsOfPHP/security-advisories

[CRITICAL] Potential Information Disclosure and Insufficient Entropy vulnerability in Zend\Captcha\Word

PKSA-vxf6-mhns-kytt GHSA-mhpx-3rv8-wrjm

Affected version: >=1.12.0,<1.12.17

Reported by:
GitHub, FriendsOfPHP/security-advisories

[HIGH] Filesystem Permissions Issues in Multiple Components

PKSA-gk48-4tyq-1mz2 CVE-2015-5723 GHSA-pw5c-xqf2-6xc2

Affected version: >=1.12.0,<1.12.16

Reported by:
GitHub, FriendsOfPHP/security-advisories

[CRITICAL] Potential SQL injection vector using null byte for PDO (MsSql, SQLite)

PKSA-d2kh-9h2x-yxmw GHSA-2x36-qhx3-7m5f

Affected version: >=1.12.0,<1.12.16

Reported by:
GitHub, FriendsOfPHP/security-advisories

[MEDIUM] XXE/XEE vector when using ZendXml on multibyte payloads

PKSA-wkm6-gzx7-1qtv CVE-2015-5161 GHSA-xp8p-9rq5-4wgv

Affected version: >=1.12.0,<1.12.14

Reported by:
GitHub, FriendsOfPHP/security-advisories

[MEDIUM] Potential CRLF injection attacks in mail and HTTP headers

PKSA-t57f-zdqy-25cs CVE-2015-3154 GHSA-5957-5crx-79jx

Affected version: >=1.12.0,<1.12.12

Reported by:
GitHub, FriendsOfPHP/security-advisories