VulnerableCode Package Details - pkg:composer/adodb/adodb-php@5.22.8

Search for packages

Vulnerability	Summary	Fixed by
VCID-73nz-mq75-pbhu Aliases: CVE-2025-54119 GHSA-vf2r-cxg9-p7rf	The ADOdb sqlite3 driver allows SQL injection Improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a sqlite3 database and calls the metaColumns(), metaForeignKeys() or metaIndexes() methods with a crafted table name. Note that the indicated Severity corresponds to a worst-case usage scenario, e.g. allowing user-supplied data to be sent as-is to the above-mentioned methods. ### Impact SQLite3 driver. ### Patches Vulnerability is fixed in ADOdb 5.22.10 (https://github.com/ADOdb/ADOdb/commit/5b8bd52cdcffefb4ecded1b399c98cfa516afe03). ### Workarounds Only pass controlled data to metaColumns(), metaForeignKeys() and metaIndexes() method's $table parameter. ### Credits Thanks to Marco Nappi (@mrcnpp) for reporting this vulnerability.	5.22.10 Affected by 0 other vulnerabilities.
VCID-wyd8-1reg-23h2 Aliases: CVE-2025-46337 GHSA-8x27-jwjr-8545	SQL injection in ADOdb PostgreSQL driver pg_insert_id() method Improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and calls pg_insert_id() with user-supplied data. Note that the indicated Severity corresponds to a worst-case usage scenario. ### Impact PostgreSQL drivers (postgres64, postgres7, postgres8, postgres9). ### Patches Vulnerability is fixed in ADOdb 5.22.9 (11107d6d6e5160b62e05dff8a3a2678cf0e3a426). ### Workarounds Only pass controlled data to pg_insert_id() method's $fieldname parameter, or escape it with pg_escape_identifier() first. ### References - Issue https://github.com/ADOdb/ADOdb/issues/1070 - [Blog post](https://xaliom.blogspot.com/2025/05/from-sast-to-cve-2025-46337.html) by Marco Nappi ### Credits Thanks to Marco Nappi (@mrcnpp) for reporting this vulnerability.	5.22.9 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-73nz-mq75-pbhu
Aliases:
CVE-2025-54119
GHSA-vf2r-cxg9-p7rf

The ADOdb sqlite3 driver allows SQL injection Improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a sqlite3 database and calls the metaColumns(), metaForeignKeys() or metaIndexes() methods with a crafted table name. Note that the indicated Severity corresponds to a worst-case usage scenario, e.g. allowing user-supplied data to be sent as-is to the above-mentioned methods. ### Impact SQLite3 driver. ### Patches Vulnerability is fixed in ADOdb 5.22.10 (https://github.com/ADOdb/ADOdb/commit/5b8bd52cdcffefb4ecded1b399c98cfa516afe03). ### Workarounds Only pass controlled data to metaColumns(), metaForeignKeys() and metaIndexes() method's $table parameter. ### Credits Thanks to Marco Nappi (@mrcnpp) for reporting this vulnerability.

5.22.10
Affected by 0 other vulnerabilities.

VCID-wyd8-1reg-23h2
Aliases:
CVE-2025-46337
GHSA-8x27-jwjr-8545

SQL injection in ADOdb PostgreSQL driver pg_insert_id() method Improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and calls pg_insert_id() with user-supplied data. Note that the indicated Severity corresponds to a worst-case usage scenario. ### Impact PostgreSQL drivers (postgres64, postgres7, postgres8, postgres9). ### Patches Vulnerability is fixed in ADOdb 5.22.9 (11107d6d6e5160b62e05dff8a3a2678cf0e3a426). ### Workarounds Only pass controlled data to pg_insert_id() method's $fieldname parameter, or escape it with pg_escape_identifier() first. ### References - Issue https://github.com/ADOdb/ADOdb/issues/1070 - [Blog post](https://xaliom.blogspot.com/2025/05/from-sast-to-cve-2025-46337.html) by Marco Nappi ### Credits Thanks to Marco Nappi (@mrcnpp) for reporting this vulnerability.

5.22.9
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T23:34:29.650889+00:00	GitLab Importer	Affected by	VCID-73nz-mq75-pbhu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/adodb/adodb-php/CVE-2025-54119.yml	38.4.0
2026-04-16T23:28:09.609235+00:00	GitLab Importer	Affected by	VCID-wyd8-1reg-23h2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/adodb/adodb-php/CVE-2025-46337.yml	38.4.0
2026-04-12T00:54:39.354195+00:00	GitLab Importer	Affected by	VCID-73nz-mq75-pbhu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/adodb/adodb-php/CVE-2025-54119.yml	38.3.0
2026-04-12T00:47:44.584705+00:00	GitLab Importer	Affected by	VCID-wyd8-1reg-23h2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/adodb/adodb-php/CVE-2025-46337.yml	38.3.0
2026-04-07T04:57:44.180711+00:00	GHSA Importer	Affected by	VCID-wyd8-1reg-23h2	https://github.com/advisories/GHSA-8x27-jwjr-8545	38.1.0
2026-04-03T01:02:45.681906+00:00	GitLab Importer	Affected by	VCID-73nz-mq75-pbhu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/adodb/adodb-php/CVE-2025-54119.yml	38.1.0
2026-04-03T00:55:42.887260+00:00	GitLab Importer	Affected by	VCID-wyd8-1reg-23h2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/adodb/adodb-php/CVE-2025-46337.yml	38.1.0