VulnerableCode Package Details - pkg:deb/debian/libphp-adodb@5.22.9-0.1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-wyd8-1reg-23h2	SQL injection in ADOdb PostgreSQL driver pg_insert_id() method Improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and calls pg_insert_id() with user-supplied data. Note that the indicated Severity corresponds to a worst-case usage scenario. ### Impact PostgreSQL drivers (postgres64, postgres7, postgres8, postgres9). ### Patches Vulnerability is fixed in ADOdb 5.22.9 (11107d6d6e5160b62e05dff8a3a2678cf0e3a426). ### Workarounds Only pass controlled data to pg_insert_id() method's $fieldname parameter, or escape it with pg_escape_identifier() first. ### References - Issue https://github.com/ADOdb/ADOdb/issues/1070 - [Blog post](https://xaliom.blogspot.com/2025/05/from-sast-to-cve-2025-46337.html) by Marco Nappi ### Credits Thanks to Marco Nappi (@mrcnpp) for reporting this vulnerability.	CVE-2025-46337 GHSA-8x27-jwjr-8545

Vulnerability

Summary

Aliases

VCID-wyd8-1reg-23h2

SQL injection in ADOdb PostgreSQL driver pg_insert_id() method Improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and calls pg_insert_id() with user-supplied data. Note that the indicated Severity corresponds to a worst-case usage scenario. ### Impact PostgreSQL drivers (postgres64, postgres7, postgres8, postgres9). ### Patches Vulnerability is fixed in ADOdb 5.22.9 (11107d6d6e5160b62e05dff8a3a2678cf0e3a426). ### Workarounds Only pass controlled data to pg_insert_id() method's $fieldname parameter, or escape it with pg_escape_identifier() first. ### References - Issue https://github.com/ADOdb/ADOdb/issues/1070 - [Blog post](https://xaliom.blogspot.com/2025/05/from-sast-to-cve-2025-46337.html) by Marco Nappi ### Credits Thanks to Marco Nappi (@mrcnpp) for reporting this vulnerability.

CVE-2025-46337
GHSA-8x27-jwjr-8545

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T10:15:07.492809+00:00	Debian Importer	Fixing	VCID-wyd8-1reg-23h2	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T06:53:44.045472+00:00	Debian Importer	Fixing	VCID-wyd8-1reg-23h2	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:29:13.321816+00:00	Debian Importer	Fixing	VCID-wyd8-1reg-23h2	https://security-tracker.debian.org/tracker/data/json	38.1.0