{"id":"CVE-2007-3905","details":"SQL injection vulnerability in Zoph before 0.7.0.1 might allow remote attackers to execute arbitrary SQL commands via the _order parameter to (1) photos.php and (2) edit_photos.php.","modified":"2026-04-10T03:38:58.918639Z","published":"2007-07-19T17:30:00Z","references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/26077"},{"type":"ADVISORY","url":"http://secunia.com/advisories/27303"},{"type":"ADVISORY","url":"http://www.debian.org/security/2007/dsa-1389"},{"type":"FIX","url":"http://secunia.com/advisories/26077"},{"type":"WEB","url":"http://sourceforge.net/project/shownotes.php?release_id=523104&group_id=69353"},{"type":"WEB","url":"http://www.securityfocus.com/bid/24933"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/35446"}],"schema_version":"1.7.5"}