CVE-2014-9235
Published 2014-12-03
CVE-2014-9235: Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allow remote authenticated users to execute arbitrary SQL commands…
Priority: P338 · medium · 6.5 · CVSS 2.0
AV:N/AC:L/Au:S/C:P/I:P/A:P
EXPLOIT
EPSS: 2.07% (79.0th percentile)
Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) _action parameter to group.php or (2) user.php or the (3) location_id parameter to photos.php in php/.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | zoph | — | — |
| zoph | zoph | <= 0.9.1 | — |
CVSS provenance
nvd · v2.0 · 6.5 · MEDIUM · AV:N/AC:L/Au:S/C:P/I:P/A:P
osv · 6.5 · MEDIUM
vendor_debian · 6.5 · LOW
GHSA
GHSA-3mrr-pqw6-73rq: Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes Photos) 0
ghsa_unreviewed·2022-05-17
CVE-2014-9235 [MEDIUM] CWE-89 GHSA-3mrr-pqw6-73rq: Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes Photos) 0
Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) _action parameter to group.php or (2) user.php or the (3) location_id parameter to photos.php in php/.
OSV
CVE-2014-9235: Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes Photos) 0
osv·2014-12-03·CVSS 6.5
CVE-2014-9235 [MEDIUM] CVE-2014-9235: Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes Photos) 0
Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) _action parameter to group.php or (2) user.php or the (3) location_id parameter to photos.php in php/.
Debian
CVE-2014-9235: zoph - Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes Photos) 0.9.1...
vendor_debian·2014·CVSS 6.5
CVE-2014-9235 [MEDIUM] CVE-2014-9235: zoph - Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes Photos) 0.9.1...
Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) _action parameter to group.php or (2) user.php or the (3) location_id parameter to photos.php in php/.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
No detection rules found.
No writeups or analysis indexed.
Published: 2014-12-03