CVE-2014-9235

Name of the Vulnerable Software and Affected Versions Zoph versions 0.9.1 and earlier

Description The issue allows remote authenticated users to execute arbitrary SQL commands. This can be achieved via the action parameter to group.php or user.php, or the location id parameter to photos.php in php/.

Recommendations For Zoph versions 0.9.1 and earlier, consider restricting access to the action parameter in group.php and user.php, as well as the location id parameter in photos.php, until a fix is available. As a temporary workaround, avoid using these parameters in the affected API endpoints. At the moment, there is no information about a newer version that contains a fix for this issue.