{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19170?format=json","vulnerability_id":"VCID-m4fg-r5yx-dfhb","summary":"ADOdb SQL injection vulnerability\nThe ADOdb Library for PHP prior to version 5.20.11 is prone to SQL Injection vulnerability in multiple drivers.","aliases":[{"alias":"GHSA-h63c-xvpf-264j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/26718?format=json","purl":"pkg:composer/adodb/adodb-php@5.20.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-73nz-mq75-pbhu"},{"vulnerability":"VCID-uz7x-nkta-xkez"},{"vulnerability":"VCID-wyd8-1reg-23h2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/adodb/adodb-php@5.20.11"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/156875?format=json","purl":"pkg:composer/adodb/adodb-php@5.19","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-73nz-mq75-pbhu"},{"vulnerability":"VCID-kj73-kd5z-wqen"},{"vulnerability":"VCID-m4fg-r5yx-dfhb"},{"vulnerability":"VCID-r9hg-ac9m-vbed"},{"vulnerability":"VCID-u92u-ykxt-subq"},{"vulnerability":"VCID-uz7x-nkta-xkez"},{"vulnerability":"VCID-wyd8-1reg-23h2"},{"vulnerability":"VCID-xvtj-eay9-m3er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/adodb/adodb-php@5.19"},{"url":"http://public2.vulnerablecode.io/api/packages/156876?format=json","purl":"pkg:composer/adodb/adodb-php@5.20.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-73nz-mq75-pbhu"},{"vulnerability":"VCID-kj73-kd5z-wqen"},{"vulnerability":"VCID-m4fg-r5yx-dfhb"},{"vulnerability":"VCID-r9hg-ac9m-vbed"},{"vulnerability":"VCID-u92u-ykxt-subq"},{"vulnerability":"VCID-uz7x-nkta-xkez"},{"vulnerability":"VCID-wyd8-1reg-23h2"},{"vulnerability":"VCID-xvtj-eay9-m3er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/adodb/adodb-php@5.20.0"},{"url":"http://public2.vulnerablecode.io/api/packages/156877?format=json","purl":"pkg:composer/adodb/adodb-php@5.20.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-73nz-mq75-pbhu"},{"vulnerability":"VCID-kj73-kd5z-wqen"},{"vulnerability":"VCID-m4fg-r5yx-dfhb"},{"vulnerability":"VCID-r9hg-ac9m-vbed"},{"vulnerability":"VCID-u92u-ykxt-subq"},{"vulnerability":"VCID-uz7x-nkta-xkez"},{"vulnerability":"VCID-wyd8-1reg-23h2"},{"vulnerability":"VCID-xvtj-eay9-m3er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/adodb/adodb-php@5.20.1"},{"url":"http://public2.vulnerablecode.io/api/packages/156878?format=json","purl":"pkg:composer/adodb/adodb-php@5.20.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-73nz-mq75-pbhu"},{"vulnerability":"VCID-kj73-kd5z-wqen"},{"vulnerability":"VCID-m4fg-r5yx-dfhb"},{"vulnerability":"VCID-r9hg-ac9m-vbed"},{"vulnerability":"VCID-u92u-ykxt-subq"},{"vulnerability":"VCID-uz7x-nkta-xkez"},{"vulnerability":"VCID-wyd8-1reg-23h2"},{"vulnerability":"VCID-xvtj-eay9-m3er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/adodb/adodb-php@5.20.2"},{"url":"http://public2.vulnerablecode.io/api/packages/156879?format=json","purl":"pkg:composer/adodb/adodb-php@5.20.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-73nz-mq75-pbhu"},{"vulnerability":"VCID-kj73-kd5z-wqen"},{"vulnerability":"VCID-m4fg-r5yx-dfhb"},{"vulnerability":"VCID-r9hg-ac9m-vbed"},{"vulnerability":"VCID-u92u-ykxt-subq"},{"vulnerability":"VCID-uz7x-nkta-xkez"},{"vulnerability":"VCID-wyd8-1reg-23h2"},{"vulnerability":"VCID-xvtj-eay9-m3er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/adodb/adodb-php@5.20.3"},{"url":"http://public2.vulnerablecode.io/api/packages/156880?format=json","purl":"pkg:composer/adodb/adodb-php@5.20.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-73nz-mq75-pbhu"},{"vulnerability":"VCID-kj73-kd5z-wqen"},{"vulnerability":"VCID-m4fg-r5yx-dfhb"},{"vulnerability":"VCID-r9hg-ac9m-vbed"},{"vulnerability":"VCID-u92u-ykxt-subq"},{"vulnerability":"VCID-uz7x-nkta-xkez"},{"vulnerability":"VCID-wyd8-1reg-23h2"},{"vulnerability":"VCID-xvtj-eay9-m3er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/adodb/adodb-php@5.20.4"},{"url":"http://public2.vulnerablecode.io/api/packages/24153?format=json","purl":"pkg:composer/adodb/adodb-php@5.20.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-73nz-mq75-pbhu"},{"vulnerability":"VCID-kj73-kd5z-wqen"},{"vulnerability":"VCID-m4fg-r5yx-dfhb"},{"vulnerability":"VCID-r9hg-ac9m-vbed"},{"vulnerability":"VCID-u92u-ykxt-subq"},{"vulnerability":"VCID-uz7x-nkta-xkez"},{"vulnerability":"VCID-wyd8-1reg-23h2"},{"vulnerability":"VCID-xvtj-eay9-m3er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/adodb/adodb-php@5.20.5"},{"url":"http://public2.vulnerablecode.io/api/packages/23194?format=json","purl":"pkg:composer/adodb/adodb-php@5.20.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-73nz-mq75-pbhu"},{"vulnerability":"VCID-kj73-kd5z-wqen"},{"vulnerability":"VCID-m4fg-r5yx-dfhb"},{"vulnerability":"VCID-u92u-ykxt-subq"},{"vulnerability":"VCID-uz7x-nkta-xkez"},{"vulnerability":"VCID-wyd8-1reg-23h2"},{"vulnerability":"VCID-xvtj-eay9-m3er"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/adodb/adodb-php@5.20.6"},{"url":"http://public2.vulnerablecode.io/api/packages/23195?format=json","purl":"pkg:composer/adodb/adodb-php@5.20.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-73nz-mq75-pbhu"},{"vulnerability":"VCID-kj73-kd5z-wqen"},{"vulnerability":"VCID-m4fg-r5yx-dfhb"},{"vulnerability":"VCID-u92u-ykxt-subq"},{"vulnerability":"VCID-uz7x-nkta-xkez"},{"vulnerability":"VCID-wyd8-1reg-23h2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/adodb/adodb-php@5.20.7"},{"url":"http://public2.vulnerablecode.io/api/packages/168346?format=json","purl":"pkg:composer/adodb/adodb-php@5.20.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-73nz-mq75-pbhu"},{"vulnerability":"VCID-kj73-kd5z-wqen"},{"vulnerability":"VCID-m4fg-r5yx-dfhb"},{"vulnerability":"VCID-u92u-ykxt-subq"},{"vulnerability":"VCID-uz7x-nkta-xkez"},{"vulnerability":"VCID-wyd8-1reg-23h2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/adodb/adodb-php@5.20.8"},{"url":"http://public2.vulnerablecode.io/api/packages/168347?format=json","purl":"pkg:composer/adodb/adodb-php@5.20.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-73nz-mq75-pbhu"},{"vulnerability":"VCID-kj73-kd5z-wqen"},{"vulnerability":"VCID-m4fg-r5yx-dfhb"},{"vulnerability":"VCID-u92u-ykxt-subq"},{"vulnerability":"VCID-uz7x-nkta-xkez"},{"vulnerability":"VCID-wyd8-1reg-23h2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/adodb/adodb-php@5.20.9"},{"url":"http://public2.vulnerablecode.io/api/packages/278525?format=json","purl":"pkg:composer/adodb/adodb-php@5.20.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-73nz-mq75-pbhu"},{"vulnerability":"VCID-m4fg-r5yx-dfhb"},{"vulnerability":"VCID-uz7x-nkta-xkez"},{"vulnerability":"VCID-wyd8-1reg-23h2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/adodb/adodb-php@5.20.10"}],"references":[{"reference_url":"https://github.com/ADOdb/ADOdb/pull/311","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ADOdb/ADOdb/pull/311"},{"reference_url":"https://github.com/ADOdb/ADOdb/pull/401","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ADOdb/ADOdb/pull/401"},{"reference_url":"https://github.com/dregad/ADOdb/commit/34788ce8c1d08500631f55764cc2247b9c7cfd2b","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dregad/ADOdb/commit/34788ce8c1d08500631f55764cc2247b9c7cfd2b"},{"reference_url":"https://github.com/dregad/ADOdb/commit/d29c23f2264ec95c6d3851e0f51ce240b2f36b74","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/dregad/ADOdb/commit/d29c23f2264ec95c6d3851e0f51ce240b2f36b74"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/adodb/adodb-php/2018-03-06.yaml","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/adodb/adodb-php/2018-03-06.yaml"},{"reference_url":"https://github.com/advisories/GHSA-h63c-xvpf-264j","reference_id":"GHSA-h63c-xvpf-264j","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h63c-xvpf-264j"}],"weaknesses":[{"cwe_id":89,"name":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","description":"The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."}],"exploits":[],"severity_range_score":"9.0 - 10.0","exploitability":"0.5","weighted_severity":"9.0","risk_score":4.5,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m4fg-r5yx-dfhb"}