← back
CVE-2014-9235

CVE-2014-9235

EPSS 2.1%
Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) _action parameter to group.php or (2) user.php or the (3) location_id parameter to photos.php in php/.
Affected products
n/a · n/a
public PoCs found2
cve_referencepacketstormsecurity.com/files/129141/Zoph-0.9.1-Cross-Site-Scripting-SQL-Injection.htmlunverifiedexploitdbwww.exploit-db.com/exploits/35278unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/129141/Zoph-0.9.1-Cross-Site-Scripting-SQL-Injection.htmlhttp://seclists.org/fulldisclosure/2014/Nov/45