CVE-2007-3905

SQL injection vulnerability in Zoph before 0.7.0.1 might allow remote attackers to execute arbitrary SQL commands via the _order parameter to (1) photos.php and (2) edit_photos.php.

Date published : 2007-07-19

http://www.securityfocus.com/bid/24933

http://sourceforge.net/project/shownotes.php?release_id=523104&group_id=69353