VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-xvtj-eay9-m3er

Essentials
Severities (28)
References (15)
Severity details (19)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-xvtj-eay9-m3er
Aliases	CVE-2016-7405 GHSA-3fj4-q72x-x2g9
Summary	SQL Injection The `qstr` method in the PDO driver in the ADOdb Library for PHP might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.
Status	Published
Exploitability	0.5
Weighted Severity	9.0
Risk	4.5
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-89	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.03101	https://api.first.org/data/v1/epss?cve=CVE-2016-7405
epss	0.03101	https://api.first.org/data/v1/epss?cve=CVE-2016-7405
epss	0.03101	https://api.first.org/data/v1/epss?cve=CVE-2016-7405
epss	0.03101	https://api.first.org/data/v1/epss?cve=CVE-2016-7405
epss	0.03101	https://api.first.org/data/v1/epss?cve=CVE-2016-7405
epss	0.03101	https://api.first.org/data/v1/epss?cve=CVE-2016-7405
epss	0.03101	https://api.first.org/data/v1/epss?cve=CVE-2016-7405
epss	0.03101	https://api.first.org/data/v1/epss?cve=CVE-2016-7405
epss	0.03101	https://api.first.org/data/v1/epss?cve=CVE-2016-7405
cvssv3.1	9.8	https://github.com/ADOdb/ADOdb/blob/v5.20.7/docs/changelog.md
generic_textual	CRITICAL	https://github.com/ADOdb/ADOdb/blob/v5.20.7/docs/changelog.md
cvssv3.1	9.8	https://github.com/ADOdb/ADOdb/commit/bd9eca9f40220f9918ec3cc7ae9ef422b3e448b8
generic_textual	CRITICAL	https://github.com/ADOdb/ADOdb/commit/bd9eca9f40220f9918ec3cc7ae9ef422b3e448b8
cvssv3.1	9.8	https://github.com/ADOdb/ADOdb/issues/226
generic_textual	CRITICAL	https://github.com/ADOdb/ADOdb/issues/226
cvssv3.1_qr	CRITICAL	https://github.com/advisories/GHSA-3fj4-q72x-x2g9
cvssv3.1	9.8	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LT3WU77BRUJREZUYQ3ZQBMUIVIVIND4Y
generic_textual	CRITICAL	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LT3WU77BRUJREZUYQ3ZQBMUIVIVIND4Y
cvssv3.1	9.8	https://nvd.nist.gov/vuln/detail/CVE-2016-7405
generic_textual	CRITICAL	https://nvd.nist.gov/vuln/detail/CVE-2016-7405
cvssv3.1	9.8	https://security.gentoo.org/glsa/201701-59
generic_textual	CRITICAL	https://security.gentoo.org/glsa/201701-59
cvssv3.1	9.8	https://web.archive.org/web/20210123170727/http://www.securityfocus.com/bid/92969
generic_textual	CRITICAL	https://web.archive.org/web/20210123170727/http://www.securityfocus.com/bid/92969
cvssv3.1	9.8	http://www.openwall.com/lists/oss-security/2016/09/07/8
generic_textual	CRITICAL	http://www.openwall.com/lists/oss-security/2016/09/07/8
cvssv3.1	9.8	http://www.openwall.com/lists/oss-security/2016/09/15/1
generic_textual	CRITICAL	http://www.openwall.com/lists/oss-security/2016/09/15/1

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2016-7405
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7405
		https://github.com/ADOdb/ADOdb/blob/v5.20.7/docs/changelog.md
		https://github.com/ADOdb/ADOdb/commit/bd9eca9f40220f9918ec3cc7ae9ef422b3e448b8
		https://github.com/ADOdb/ADOdb/issues/226
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LT3WU77BRUJREZUYQ3ZQBMUIVIVIND4Y
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LT3WU77BRUJREZUYQ3ZQBMUIVIVIND4Y/
		https://security.gentoo.org/glsa/201701-59
		https://web.archive.org/web/20210123170727/http://www.securityfocus.com/bid/92969
		http://www.openwall.com/lists/oss-security/2016/09/07/8
		http://www.openwall.com/lists/oss-security/2016/09/15/1
837211		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837211
CVE-2016-7405		https://nvd.nist.gov/vuln/detail/CVE-2016-7405
GHSA-3fj4-q72x-x2g9		https://github.com/advisories/GHSA-3fj4-q72x-x2g9
USN-6825-1		https://usn.ubuntu.com/6825-1/

No exploits are available.

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/ADOdb/ADOdb/blob/v5.20.7/docs/changelog.md

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/ADOdb/ADOdb/commit/bd9eca9f40220f9918ec3cc7ae9ef422b3e448b8

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/ADOdb/ADOdb/issues/226

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LT3WU77BRUJREZUYQ3ZQBMUIVIVIND4Y

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2016-7405

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/201701-59

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://web.archive.org/web/20210123170727/http://www.securityfocus.com/bid/92969

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2016/09/07/8

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2016/09/15/1

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.86744
EPSS Score	0.03101
Published At	April 1, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T12:47:06.285191+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/adodb/adodb-php/CVE-2016-7405.yml	38.0.0