CVE-2025-46337

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-46337
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-46337.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-46337
Aliases
Related
Published
2025-05-01T18:15:57Z
Modified
2025-05-17T14:25:15.824889Z
Summary
[none]
Details

ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. Prior to version 5.22.9, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and calls pginsertid() with user-supplied data. This issue has been patched in version 5.22.9.

References

Affected packages

Debian:11 / libphp-adodb

Package

Name
libphp-adodb
Purl
pkg:deb/debian/libphp-adodb?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.20.19-1
5.20.19-1+deb11u1
5.21.0~beta.1-1
5.21.0-1
5.21.4-1
5.22.7-0.1~bpo12+1
5.22.7-0.1
5.22.8-0.1
5.22.9-0.1~bpo12+1
5.22.9-0.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libphp-adodb

Package

Name
libphp-adodb
Purl
pkg:deb/debian/libphp-adodb?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.21.4-1
5.22.7-0.1~bpo12+1
5.22.7-0.1
5.22.8-0.1
5.22.9-0.1~bpo12+1
5.22.9-0.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libphp-adodb

Package

Name
libphp-adodb
Purl
pkg:deb/debian/libphp-adodb?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.22.9-0.1

Affected versions

5.*

5.21.4-1
5.22.7-0.1~bpo12+1
5.22.7-0.1
5.22.8-0.1
5.22.9-0.1~bpo12+1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/adodb/adodb

Affected ranges

Type
GIT
Repo
https://github.com/adodb/adodb
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v5.*

v5.00beta
v5.01beta
v5.02
v5.02a
v5.03
v5.04
v5.05
v5.06
v5.07
v5.08
v5.08a
v5.09
v5.09a
v5.10
v5.11
v5.12
v5.13
v5.14
v5.15
v5.16
v5.16a
v5.17
v5.18
v5.18a
v5.19
v5.20.0
v5.20.1
v5.20.10
v5.20.11
v5.20.12
v5.20.13
v5.20.14
v5.20.15
v5.20.16
v5.20.17
v5.20.18
v5.20.19
v5.20.2
v5.20.20
v5.20.21
v5.20.3
v5.20.4
v5.20.5
v5.20.6
v5.20.7
v5.20.8
v5.20.9
v5.21.0
v5.21.0-beta.1
v5.21.0-rc.1
v5.21.1
v5.21.2
v5.21.3
v5.21.4
v5.22.0
v5.22.1
v5.22.2
v5.22.3
v5.22.4
v5.22.5
v5.22.6
v5.22.7
v5.22.8