Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0zZmo0LXE3MngteDJnOc4AAbZb
ADOdb Library SQL Injection
The qstr
method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zZmo0LXE3MngteDJnOc4AAbZb
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: almost 2 years ago
Updated: 8 months ago
CVSS Score: 9.8
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-3fj4-q72x-x2g9, CVE-2016-7405
References:
- https://nvd.nist.gov/vuln/detail/CVE-2016-7405
- https://github.com/ADOdb/ADOdb/issues/226
- https://github.com/ADOdb/ADOdb/commit/bd9eca9f40220f9918ec3cc7ae9ef422b3e448b8
- https://github.com/ADOdb/ADOdb/blob/v5.20.7/docs/changelog.md
- https://lists.fedoraproject.org/archives/list/[email protected]/message/LT3WU77BRUJREZUYQ3ZQBMUIVIVIND4Y/
- https://security.gentoo.org/glsa/201701-59
- http://www.openwall.com/lists/oss-security/2016/09/07/8
- http://www.openwall.com/lists/oss-security/2016/09/15/1
- https://web.archive.org/web/20210123170727/http://www.securityfocus.com/bid/92969
- https://github.com/advisories/GHSA-3fj4-q72x-x2g9
Blast Radius: 24.4
Affected Packages
packagist:adodb/adodb-php
Dependent packages: 31Dependent repositories: 309
Downloads: 2,207,560 total
Affected Version Ranges: >= 5.0, < 5.20.7
Fixed in: 5.20.7
All affected versions: 5.20.0, 5.20.1, 5.20.2, 5.20.3, 5.20.4, 5.20.5, 5.20.6
All unaffected versions: 5.20.7, 5.20.8, 5.20.9, 5.20.10, 5.20.11, 5.20.12, 5.20.13, 5.20.14, 5.20.15, 5.20.16, 5.20.17, 5.20.18, 5.20.19, 5.20.20, 5.20.21, 5.21.0, 5.21.1, 5.21.2, 5.21.3, 5.21.4, 5.22.0, 5.22.1, 5.22.2, 5.22.3, 5.22.4, 5.22.5, 5.22.6, 5.22.7