Description
SQL injection vulnerability in the Manage Albums feature in zp-core/admin-albumsort.php in ZENphoto 1.4.2 allows remote authenticated users to execute arbitrary SQL commands via the sortableList parameter.
Remediation
References
Related Vulnerabilities
Squid Other Vulnerability (CVE-2011-3205)
Moodle Improper Authentication Vulnerability (CVE-2014-3552)
WordPress Plugin PowerPress Podcasting by Blubrry SQL Injection (6.0.2)
WordPress 'wp-register.php' Multiple Cross-Site Scripting Vulnerabilities (2.0 - 2.0.1)
WordPress Plugin Absolute Reviews Cross-Site Request Forgery (1.0.8)