Vulnerability Database

296,317

Total vulnerabilities in the database

CVE-2014-9235

Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) _action parameter to group.php or (2) user.php or the (3) location_id parameter to photos.php in php/.

  • Published: Dec 3, 2014
  • Updated: Apr 13, 2023
  • CVE: CVE-2014-9235
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 6.5
  • AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

OWASP TOP 10:

Software From Fixed in
zoph / zoph - 0.9.1.x