CVE-2007-3905
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
19/07/2007
Last modified:
09/04/2025
Description
SQL injection vulnerability in Zoph before 0.7.0.1 might allow remote attackers to execute arbitrary SQL commands via the _order parameter to (1) photos.php and (2) edit_photos.php.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:zoph:zoph:*:*:*:*:*:*:*:* | 0.7 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://secunia.com/advisories/26077
- http://secunia.com/advisories/27303
- http://sourceforge.net/project/shownotes.php?release_id=523104&group_id=69353
- http://www.debian.org/security/2007/dsa-1389
- http://www.securityfocus.com/bid/24933
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35446
- http://secunia.com/advisories/26077
- http://secunia.com/advisories/27303
- http://sourceforge.net/project/shownotes.php?release_id=523104&group_id=69353
- http://www.debian.org/security/2007/dsa-1389
- http://www.securityfocus.com/bid/24933
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35446