VulnerableCode Package Details - pkg:deb/debian/libphp-adodb@5.20.14-1%2Bdeb10u1

Search for packages

Vulnerability	Summary	Fixed by
VCID-73nz-mq75-pbhu Aliases: CVE-2025-54119 GHSA-vf2r-cxg9-p7rf	The ADOdb sqlite3 driver allows SQL injection Improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a sqlite3 database and calls the metaColumns(), metaForeignKeys() or metaIndexes() methods with a crafted table name. Note that the indicated Severity corresponds to a worst-case usage scenario, e.g. allowing user-supplied data to be sent as-is to the above-mentioned methods. ### Impact SQLite3 driver. ### Patches Vulnerability is fixed in ADOdb 5.22.10 (https://github.com/ADOdb/ADOdb/commit/5b8bd52cdcffefb4ecded1b399c98cfa516afe03). ### Workarounds Only pass controlled data to metaColumns(), metaForeignKeys() and metaIndexes() method's $table parameter. ### Credits Thanks to Marco Nappi (@mrcnpp) for reporting this vulnerability.	5.21.4-1+deb12u2 Affected by 0 other vulnerabilities.
VCID-uz7x-nkta-xkez Aliases: CVE-2021-3850 GHSA-65mj-7c86-79jf	Authentication Bypass by Primary Weakness exists in adodb/adodb.	5.20.19-1+deb11u1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-wyd8-1reg-23h2 Aliases: CVE-2025-46337 GHSA-8x27-jwjr-8545	SQL injection in ADOdb PostgreSQL driver pg_insert_id() method Improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and calls pg_insert_id() with user-supplied data. Note that the indicated Severity corresponds to a worst-case usage scenario. ### Impact PostgreSQL drivers (postgres64, postgres7, postgres8, postgres9). ### Patches Vulnerability is fixed in ADOdb 5.22.9 (11107d6d6e5160b62e05dff8a3a2678cf0e3a426). ### Workarounds Only pass controlled data to pg_insert_id() method's $fieldname parameter, or escape it with pg_escape_identifier() first. ### References - Issue https://github.com/ADOdb/ADOdb/issues/1070 - [Blog post](https://xaliom.blogspot.com/2025/05/from-sast-to-cve-2025-46337.html) by Marco Nappi ### Credits Thanks to Marco Nappi (@mrcnpp) for reporting this vulnerability.	5.21.4-1+deb12u2 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-73nz-mq75-pbhu
Aliases:
CVE-2025-54119
GHSA-vf2r-cxg9-p7rf

The ADOdb sqlite3 driver allows SQL injection Improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a sqlite3 database and calls the metaColumns(), metaForeignKeys() or metaIndexes() methods with a crafted table name. Note that the indicated Severity corresponds to a worst-case usage scenario, e.g. allowing user-supplied data to be sent as-is to the above-mentioned methods. ### Impact SQLite3 driver. ### Patches Vulnerability is fixed in ADOdb 5.22.10 (https://github.com/ADOdb/ADOdb/commit/5b8bd52cdcffefb4ecded1b399c98cfa516afe03). ### Workarounds Only pass controlled data to metaColumns(), metaForeignKeys() and metaIndexes() method's $table parameter. ### Credits Thanks to Marco Nappi (@mrcnpp) for reporting this vulnerability.

5.21.4-1+deb12u2
Affected by 0 other vulnerabilities.

VCID-uz7x-nkta-xkez
Aliases:
CVE-2021-3850
GHSA-65mj-7c86-79jf

Authentication Bypass by Primary Weakness exists in adodb/adodb.

5.20.19-1+deb11u1
Affected by 2 other vulnerabilities.

VCID-wyd8-1reg-23h2
Aliases:
CVE-2025-46337
GHSA-8x27-jwjr-8545

SQL injection in ADOdb PostgreSQL driver pg_insert_id() method Improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and calls pg_insert_id() with user-supplied data. Note that the indicated Severity corresponds to a worst-case usage scenario. ### Impact PostgreSQL drivers (postgres64, postgres7, postgres8, postgres9). ### Patches Vulnerability is fixed in ADOdb 5.22.9 (11107d6d6e5160b62e05dff8a3a2678cf0e3a426). ### Workarounds Only pass controlled data to pg_insert_id() method's $fieldname parameter, or escape it with pg_escape_identifier() first. ### References - Issue https://github.com/ADOdb/ADOdb/issues/1070 - [Blog post](https://xaliom.blogspot.com/2025/05/from-sast-to-cve-2025-46337.html) by Marco Nappi ### Credits Thanks to Marco Nappi (@mrcnpp) for reporting this vulnerability.

5.21.4-1+deb12u2
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-uz7x-nkta-xkez	Authentication Bypass by Primary Weakness exists in adodb/adodb.	CVE-2021-3850 GHSA-65mj-7c86-79jf

Vulnerability

Summary

Aliases

VCID-uz7x-nkta-xkez

Authentication Bypass by Primary Weakness exists in adodb/adodb.

CVE-2021-3850
GHSA-65mj-7c86-79jf

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-15T19:05:04.204289+00:00	Debian Oval Importer	Affected by	VCID-73nz-mq75-pbhu	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T17:45:18.531764+00:00	Debian Oval Importer	Affected by	VCID-uz7x-nkta-xkez	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T17:39:22.479577+00:00	Debian Oval Importer	Affected by	VCID-wyd8-1reg-23h2	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T14:50:15.146230+00:00	Debian Oval Importer	Fixing	VCID-uz7x-nkta-xkez	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.4.0
2026-04-11T18:48:59.691093+00:00	Debian Oval Importer	Affected by	VCID-73nz-mq75-pbhu	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T17:31:19.750270+00:00	Debian Oval Importer	Affected by	VCID-uz7x-nkta-xkez	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T17:25:33.848532+00:00	Debian Oval Importer	Affected by	VCID-wyd8-1reg-23h2	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T14:38:29.254105+00:00	Debian Oval Importer	Fixing	VCID-uz7x-nkta-xkez	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.3.0
2026-04-08T18:33:55.008163+00:00	Debian Oval Importer	Affected by	VCID-73nz-mq75-pbhu	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T17:19:14.147426+00:00	Debian Oval Importer	Affected by	VCID-uz7x-nkta-xkez	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T17:13:42.688585+00:00	Debian Oval Importer	Affected by	VCID-wyd8-1reg-23h2	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-07T23:11:34.910126+00:00	Debian Oval Importer	Fixing	VCID-uz7x-nkta-xkez	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.1.0