CVE-2012-0994

SQL injection vulnerability in the Manage Albums feature in zp-core/admin-albumsort.php in ZENphoto 1.4.2 allows remote authenticated users to execute arbitrary SQL commands via the sortableList parameter.

Date published : 2012-02-20

http://www.securityfocus.com/bid/51916

http://archives.neohapsis.com/archives/bugtraq/2012-02/0037.html