Search for packages
| purl | pkg:deb/debian/libphp-adodb@4.93a-1.1 |
| Next non-vulnerable version | 5.21.4-1+deb12u2 |
| Latest non-vulnerable version | 5.21.4-1+deb12u2 |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-73nz-mq75-pbhu
Aliases: CVE-2025-54119 GHSA-vf2r-cxg9-p7rf |
The ADOdb sqlite3 driver allows SQL injection Improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a sqlite3 database and calls the metaColumns(), metaForeignKeys() or metaIndexes() methods with a crafted table name. Note that the indicated Severity corresponds to a worst-case usage scenario, e.g. allowing user-supplied data to be sent as-is to the above-mentioned methods. ### Impact SQLite3 driver. ### Patches Vulnerability is fixed in ADOdb 5.22.10 (https://github.com/ADOdb/ADOdb/commit/5b8bd52cdcffefb4ecded1b399c98cfa516afe03). ### Workarounds Only pass controlled data to metaColumns(), metaForeignKeys() and metaIndexes() method's $table parameter. ### Credits Thanks to Marco Nappi (@mrcnpp) for reporting this vulnerability. |
Affected by 0 other vulnerabilities. |
|
VCID-r9hg-ac9m-vbed
Aliases: CVE-2016-4855 GHSA-hhfw-xxhm-pf32 |
XSS vulnerability in old test script Cross-site scripting vulnerability in ADOdb allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
Affected by 3 other vulnerabilities. |
|
VCID-uz7x-nkta-xkez
Aliases: CVE-2021-3850 GHSA-65mj-7c86-79jf |
Authentication Bypass by Primary Weakness exists in adodb/adodb. |
Affected by 3 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-wyd8-1reg-23h2
Aliases: CVE-2025-46337 GHSA-8x27-jwjr-8545 |
SQL injection in ADOdb PostgreSQL driver pg_insert_id() method Improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and calls pg_insert_id() with user-supplied data. Note that the indicated Severity corresponds to a worst-case usage scenario. ### Impact PostgreSQL drivers (postgres64, postgres7, postgres8, postgres9). ### Patches Vulnerability is fixed in ADOdb 5.22.9 (11107d6d6e5160b62e05dff8a3a2678cf0e3a426). ### Workarounds Only pass controlled data to pg_insert_id() method's $fieldname parameter, or escape it with pg_escape_identifier() first. ### References - Issue https://github.com/ADOdb/ADOdb/issues/1070 - [Blog post](https://xaliom.blogspot.com/2025/05/from-sast-to-cve-2025-46337.html) by Marco Nappi ### Credits Thanks to Marco Nappi (@mrcnpp) for reporting this vulnerability. |
Affected by 0 other vulnerabilities. |
|
VCID-xvtj-eay9-m3er
Aliases: CVE-2016-7405 GHSA-3fj4-q72x-x2g9 |
SQL Injection The `qstr` method in the PDO driver in the ADOdb Library for PHP might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting. |
Affected by 3 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-5ccj-b3a9-67g2 | Multiple vulnerabilities have been discovered in the ADOdb layer included in Cacti, potentially resulting in the execution of arbitrary code. |
CVE-2006-0806
|
| VCID-9x72-e9wx-mqf4 | Multiple vulnerabilities have been discovered in the ADOdb layer included in Cacti, potentially resulting in the execution of arbitrary code. |
CVE-2006-0146
|
| VCID-kjcg-xe2b-akap | Multiple vulnerabilities have been discovered in the ADOdb layer included in Cacti, potentially resulting in the execution of arbitrary code. |
CVE-2006-0147
|
| VCID-yqvt-gasb-t3bq | Multiple vulnerabilities have been discovered in the ADOdb layer included in Cacti, potentially resulting in the execution of arbitrary code. |
CVE-2006-0410
|