PT-2007-1025 · Zoph · Zoph

Published: 2007-07-19 · Updated: 2017-07-29 · CVE-2007-3905

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Zoph versions prior to 0.7.0.1
Description: The issue allows remote attackers to execute arbitrary SQL commands, potentially leading to disruption of confidentiality, integrity, and availability of protected information. This can be achieved via the order parameter to specific API endpoints, such as "photos.php" and "edit_photos.php". The estimated number of potentially affected devices worldwide is not specified. Details about real-world incidents where this issue was exploited are not provided.
Recommendations: For Zoph versions prior to 0.7.0.1, update to version 0.7.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the order parameter in the affected API endpoints "photos.php" and "edit_photos.php" until the update can be applied.
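
Safe handling of a user-supplied order parameter, as an added example written for this page (not Zoph's own code): ORDER BY column names cannot be bound as query parameters, so the request value is mapped onto an allow-list of columns and sort directions and anything else is rejected. The photos table, column names and function names are constructed for the demonstration.

```python
# Added example, not Zoph's code: a user-controlled "order" value must never be
# interpolated into ORDER BY. Column names cannot be bound as parameters, so the
# only robust defence is an allow-list mapping request tokens to fixed SQL.
import sqlite3

# Allow-list: what the request may say -> what actually goes into the SQL.
# Table and column names are constructed for this demo.
ORDER_COLUMNS = {
    "date": "photos.date_taken",
    "name": "photos.name",
    "rating": "photos.rating",
}
ORDER_DIRECTIONS = {"asc": "ASC", "desc": "DESC"}

class BadOrderParameter(ValueError):
    """Raised when the order parameter is not one of the allowed values."""

def build_photo_query(order: str, direction: str = "asc") -> str:
    """Return a SELECT whose ORDER BY is built only from allow-listed tokens."""
    try:
        column = ORDER_COLUMNS[order]
        sort_dir = ORDER_DIRECTIONS[direction.lower()]
    except KeyError:
        # Reject rather than "sanitise": any value outside the map is an error.
        raise BadOrderParameter(f"unsupported order parameter: {order!r}/{direction!r}")
    return f"SELECT name FROM photos ORDER BY {column} {sort_dir}"

def list_photos(conn: sqlite3.Connection, order: str, direction: str = "asc") -> list:
    """Run the allow-listed query and return photo names in the requested order."""
    return [row[0] for row in conn.execute(build_photo_query(order, direction))]

def demo_connection() -> sqlite3.Connection:
    """In-memory database with a few constructed rows for the example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE photos (name TEXT, date_taken TEXT, rating INTEGER)")
    conn.executemany(
        "INSERT INTO photos VALUES (?, ?, ?)",
        [("beach.jpg", "2007-06-01", 4), ("alps.jpg", "2007-05-20", 5), ("city.jpg", "2007-07-02", 3)],
    )
    return conn

if __name__ == "__main__":
    conn = demo_connection()
    print(list_photos(conn, "rating", "desc"))  # ['alps.jpg', 'beach.jpg', 'city.jpg']
```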

Related Identifiers

BDU:2015-02860
CVE-2007-3905
DSA-1389-1
DSA-1389-2

Affected Products

Zoph