VulnerableCode Package Details - pkg:composer/adodb/adodb-php@5.22.9

Search for packages

Vulnerability	Summary	Fixed by
VCID-73nz-mq75-pbhu Aliases: CVE-2025-54119 GHSA-vf2r-cxg9-p7rf	The ADOdb sqlite3 driver allows SQL injection Improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a sqlite3 database and calls the metaColumns(), metaForeignKeys() or metaIndexes() methods with a crafted table name. Note that the indicated Severity corresponds to a worst-case usage scenario, e.g. allowing user-supplied data to be sent as-is to the above-mentioned methods. ### Impact SQLite3 driver. ### Patches Vulnerability is fixed in ADOdb 5.22.10 (https://github.com/ADOdb/ADOdb/commit/5b8bd52cdcffefb4ecded1b399c98cfa516afe03). ### Workarounds Only pass controlled data to metaColumns(), metaForeignKeys() and metaIndexes() method's $table parameter. ### Credits Thanks to Marco Nappi (@mrcnpp) for reporting this vulnerability.	5.22.10 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-73nz-mq75-pbhu
Aliases:
CVE-2025-54119
GHSA-vf2r-cxg9-p7rf

The ADOdb sqlite3 driver allows SQL injection Improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a sqlite3 database and calls the metaColumns(), metaForeignKeys() or metaIndexes() methods with a crafted table name. Note that the indicated Severity corresponds to a worst-case usage scenario, e.g. allowing user-supplied data to be sent as-is to the above-mentioned methods. ### Impact SQLite3 driver. ### Patches Vulnerability is fixed in ADOdb 5.22.10 (https://github.com/ADOdb/ADOdb/commit/5b8bd52cdcffefb4ecded1b399c98cfa516afe03). ### Workarounds Only pass controlled data to metaColumns(), metaForeignKeys() and metaIndexes() method's $table parameter. ### Credits Thanks to Marco Nappi (@mrcnpp) for reporting this vulnerability.

5.22.10
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-wyd8-1reg-23h2	SQL injection in ADOdb PostgreSQL driver pg_insert_id() method Improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and calls pg_insert_id() with user-supplied data. Note that the indicated Severity corresponds to a worst-case usage scenario. ### Impact PostgreSQL drivers (postgres64, postgres7, postgres8, postgres9). ### Patches Vulnerability is fixed in ADOdb 5.22.9 (11107d6d6e5160b62e05dff8a3a2678cf0e3a426). ### Workarounds Only pass controlled data to pg_insert_id() method's $fieldname parameter, or escape it with pg_escape_identifier() first. ### References - Issue https://github.com/ADOdb/ADOdb/issues/1070 - [Blog post](https://xaliom.blogspot.com/2025/05/from-sast-to-cve-2025-46337.html) by Marco Nappi ### Credits Thanks to Marco Nappi (@mrcnpp) for reporting this vulnerability.	CVE-2025-46337 GHSA-8x27-jwjr-8545

Vulnerability

Summary

Aliases

VCID-wyd8-1reg-23h2

SQL injection in ADOdb PostgreSQL driver pg_insert_id() method Improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and calls pg_insert_id() with user-supplied data. Note that the indicated Severity corresponds to a worst-case usage scenario. ### Impact PostgreSQL drivers (postgres64, postgres7, postgres8, postgres9). ### Patches Vulnerability is fixed in ADOdb 5.22.9 (11107d6d6e5160b62e05dff8a3a2678cf0e3a426). ### Workarounds Only pass controlled data to pg_insert_id() method's $fieldname parameter, or escape it with pg_escape_identifier() first. ### References - Issue https://github.com/ADOdb/ADOdb/issues/1070 - [Blog post](https://xaliom.blogspot.com/2025/05/from-sast-to-cve-2025-46337.html) by Marco Nappi ### Credits Thanks to Marco Nappi (@mrcnpp) for reporting this vulnerability.

CVE-2025-46337
GHSA-8x27-jwjr-8545

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T23:34:29.654263+00:00	GitLab Importer	Affected by	VCID-73nz-mq75-pbhu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/adodb/adodb-php/CVE-2025-54119.yml	38.4.0
2026-04-12T00:54:39.357776+00:00	GitLab Importer	Affected by	VCID-73nz-mq75-pbhu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/adodb/adodb-php/CVE-2025-54119.yml	38.3.0
2026-04-07T04:58:20.335863+00:00	GHSA Importer	Affected by	VCID-73nz-mq75-pbhu	https://github.com/advisories/GHSA-vf2r-cxg9-p7rf	38.1.0
2026-04-07T04:57:44.184365+00:00	GHSA Importer	Fixing	VCID-wyd8-1reg-23h2	https://github.com/advisories/GHSA-8x27-jwjr-8545	38.1.0
2026-04-03T01:02:45.685563+00:00	GitLab Importer	Affected by	VCID-73nz-mq75-pbhu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/adodb/adodb-php/CVE-2025-54119.yml	38.1.0
2026-04-02T12:41:22.259232+00:00	GitLab Importer	Fixing	VCID-wyd8-1reg-23h2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/adodb/adodb-php/CVE-2025-46337.yml	38.0.0
2026-04-01T12:57:01.426122+00:00	GithubOSV Importer	Fixing	VCID-wyd8-1reg-23h2	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/05/GHSA-8x27-jwjr-8545/GHSA-8x27-jwjr-8545.json	38.0.0