Search for packages
| purl | pkg:deb/debian/libphp-adodb@5.22.11-1?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-5ccj-b3a9-67g2 | Multiple vulnerabilities have been discovered in the ADOdb layer included in Cacti, potentially resulting in the execution of arbitrary code. |
CVE-2006-0806
|
| VCID-73nz-mq75-pbhu | The ADOdb sqlite3 driver allows SQL injection Improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a sqlite3 database and calls the metaColumns(), metaForeignKeys() or metaIndexes() methods with a crafted table name. Note that the indicated Severity corresponds to a worst-case usage scenario, e.g. allowing user-supplied data to be sent as-is to the above-mentioned methods. ### Impact SQLite3 driver. ### Patches Vulnerability is fixed in ADOdb 5.22.10 (https://github.com/ADOdb/ADOdb/commit/5b8bd52cdcffefb4ecded1b399c98cfa516afe03). ### Workarounds Only pass controlled data to metaColumns(), metaForeignKeys() and metaIndexes() method's $table parameter. ### Credits Thanks to Marco Nappi (@mrcnpp) for reporting this vulnerability. |
CVE-2025-54119
GHSA-vf2r-cxg9-p7rf |
| VCID-93va-4zq1-1qdw | John Lim ADOdb Library for PHP before 4.23 allows remote attackers to obtain sensitive information via direct requests to certain scripts that result in an undefined value of ADODB_DIR, which reveals the installation path in an error message. |
CVE-2004-2664
|
| VCID-9x72-e9wx-mqf4 | Multiple vulnerabilities have been discovered in the ADOdb layer included in Cacti, potentially resulting in the execution of arbitrary code. |
CVE-2006-0146
|
| VCID-kjcg-xe2b-akap | Multiple vulnerabilities have been discovered in the ADOdb layer included in Cacti, potentially resulting in the execution of arbitrary code. |
CVE-2006-0147
|
| VCID-phnq-kx6f-xbfh | PHP remote file inclusion vulnerability in adodb-postgres7.inc.php in John Lim ADOdb, possibly 4.01 and earlier, as used in Intechnic In-link 2.3.4, allows remote attackers to execute arbitrary PHP code via a URL in the ADODB_DIR parameter. |
CVE-2006-4618
|
| VCID-r9hg-ac9m-vbed | XSS vulnerability in old test script Cross-site scripting vulnerability in ADOdb allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
CVE-2016-4855
GHSA-hhfw-xxhm-pf32 |
| VCID-uz7x-nkta-xkez | Authentication Bypass by Primary Weakness exists in adodb/adodb. |
CVE-2021-3850
GHSA-65mj-7c86-79jf |
| VCID-wyd8-1reg-23h2 | SQL injection in ADOdb PostgreSQL driver pg_insert_id() method Improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and calls pg_insert_id() with user-supplied data. Note that the indicated Severity corresponds to a worst-case usage scenario. ### Impact PostgreSQL drivers (postgres64, postgres7, postgres8, postgres9). ### Patches Vulnerability is fixed in ADOdb 5.22.9 (11107d6d6e5160b62e05dff8a3a2678cf0e3a426). ### Workarounds Only pass controlled data to pg_insert_id() method's $fieldname parameter, or escape it with pg_escape_identifier() first. ### References - Issue https://github.com/ADOdb/ADOdb/issues/1070 - [Blog post](https://xaliom.blogspot.com/2025/05/from-sast-to-cve-2025-46337.html) by Marco Nappi ### Credits Thanks to Marco Nappi (@mrcnpp) for reporting this vulnerability. |
CVE-2025-46337
GHSA-8x27-jwjr-8545 |
| VCID-xvtj-eay9-m3er | SQL Injection The `qstr` method in the PDO driver in the ADOdb Library for PHP might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting. |
CVE-2016-7405
GHSA-3fj4-q72x-x2g9 |
| VCID-yqvt-gasb-t3bq | Multiple vulnerabilities have been discovered in the ADOdb layer included in Cacti, potentially resulting in the execution of arbitrary code. |
CVE-2006-0410
|