Search for packages
| purl | pkg:composer/adodb/adodb-php@5.20.4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-73nz-mq75-pbhu
Aliases: CVE-2025-54119 GHSA-vf2r-cxg9-p7rf |
The ADOdb sqlite3 driver allows SQL injection Improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a sqlite3 database and calls the metaColumns(), metaForeignKeys() or metaIndexes() methods with a crafted table name. Note that the indicated Severity corresponds to a worst-case usage scenario, e.g. allowing user-supplied data to be sent as-is to the above-mentioned methods. ### Impact SQLite3 driver. ### Patches Vulnerability is fixed in ADOdb 5.22.10 (https://github.com/ADOdb/ADOdb/commit/5b8bd52cdcffefb4ecded1b399c98cfa516afe03). ### Workarounds Only pass controlled data to metaColumns(), metaForeignKeys() and metaIndexes() method's $table parameter. ### Credits Thanks to Marco Nappi (@mrcnpp) for reporting this vulnerability. |
Affected by 0 other vulnerabilities. |
|
VCID-kj73-kd5z-wqen
Aliases: GMS-2018-25 |
SQL Injection The `SelectLimit` function has a potential SQL injection vulnerability through the use of the `nrows` and `offset` parameters which are not forced to integers. |
Affected by 3 other vulnerabilities. |
|
VCID-m4fg-r5yx-dfhb
Aliases: GHSA-h63c-xvpf-264j |
ADOdb SQL injection vulnerability The ADOdb Library for PHP prior to version 5.20.11 is prone to SQL Injection vulnerability in multiple drivers. |
Affected by 3 other vulnerabilities. |
|
VCID-r9hg-ac9m-vbed
Aliases: CVE-2016-4855 GHSA-hhfw-xxhm-pf32 |
XSS vulnerability in old test script Cross-site scripting vulnerability in ADOdb allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
Affected by 7 other vulnerabilities. |
|
VCID-u92u-ykxt-subq
Aliases: 2018-03-06 |
SQL Injection adodb-php contains a SQLi vulnerability. |
Affected by 3 other vulnerabilities. |
|
VCID-uz7x-nkta-xkez
Aliases: CVE-2021-3850 GHSA-65mj-7c86-79jf |
Authentication Bypass by Primary Weakness exists in adodb/adodb. |
Affected by 3 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-wyd8-1reg-23h2
Aliases: CVE-2025-46337 GHSA-8x27-jwjr-8545 |
SQL injection in ADOdb PostgreSQL driver pg_insert_id() method Improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and calls pg_insert_id() with user-supplied data. Note that the indicated Severity corresponds to a worst-case usage scenario. ### Impact PostgreSQL drivers (postgres64, postgres7, postgres8, postgres9). ### Patches Vulnerability is fixed in ADOdb 5.22.9 (11107d6d6e5160b62e05dff8a3a2678cf0e3a426). ### Workarounds Only pass controlled data to pg_insert_id() method's $fieldname parameter, or escape it with pg_escape_identifier() first. ### References - Issue https://github.com/ADOdb/ADOdb/issues/1070 - [Blog post](https://xaliom.blogspot.com/2025/05/from-sast-to-cve-2025-46337.html) by Marco Nappi ### Credits Thanks to Marco Nappi (@mrcnpp) for reporting this vulnerability. |
Affected by 1 other vulnerability. |
|
VCID-xvtj-eay9-m3er
Aliases: CVE-2016-7405 GHSA-3fj4-q72x-x2g9 |
SQL Injection The `qstr` method in the PDO driver in the ADOdb Library for PHP might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting. |
Affected by 6 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||