CVE-2014-9235

Published: 3 December 2014

Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) _action parameter to group.php or (2) user.php or the (3) location_id parameter to photos.php in php/.

Priority

Status

Package	Release	Status
zoph Launchpad, Ubuntu, Debian	bionic	Needs triage
	focal	Needs triage
	groovy	Ignored (end of life)
	hirsute	Ignored (end of life)
	impish	Ignored (end of life)
	jammy	Needs triage
	kinetic	Ignored (end of life, was needs-triage)
	lunar	Ignored (end of life, was needs-triage)
	mantic	Needs triage
	trusty	Does not exist
	upstream	Needs triage
	xenial	Does not exist

References

http://seclists.org/fulldisclosure/2014/Nov/45
https://github.com/jeroenrnl/zoph/issues/59
https://www.cve.org/CVERecord?id=CVE-2014-9235
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.