CVE-2025-46337
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-46337
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-46337.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-46337
- Aliases
- Related
- Published
- 2025-05-01T18:15:57Z
- Modified
- 2025-05-24T22:46:50.070688Z
- Downstream
- Summary
- [none]
- Details
-
ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. Prior to version 5.22.9, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and calls pginsertid() with user-supplied data. This issue has been patched in version 5.22.9.
- References
-
- https://github.com/ADOdb/ADOdb/security/advisories/GHSA-8x27-jwjr-8545
- https://xaliom.blogspot.com/2025/05/from-sast-to-cve-2025-46337.html
- https://github.com/ADOdb/ADOdb/commit/11107d6d6e5160b62e05dff8a3a2678cf0e3a426
- https://github.com/ADOdb/ADOdb/issues/1070
- https://security-tracker.debian.org/tracker/CVE-2025-46337
Affected packages
Debian:11 / libphp-adodb
Package
- Name
- libphp-adodb
- Purl
- pkg:deb/debian/libphp-adodb?arch=source
Debian:12 / libphp-adodb
Package
- Name
- libphp-adodb
- Purl
- pkg:deb/debian/libphp-adodb?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Debian:13 / libphp-adodb
Package
- Name
- libphp-adodb
- Purl
- pkg:deb/debian/libphp-adodb?arch=source
Git / github.com/adodb/adodb
Affected ranges
- Type
- GIT
- Repo
- https://github.com/adodb/adodb
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v5.*
v5.00beta
v5.01beta
v5.02
v5.02a
v5.03
v5.04
v5.05
v5.06
v5.07
v5.08
v5.08a
v5.09
v5.09a
v5.10
v5.11
v5.12
v5.13
v5.14
v5.15
v5.16
v5.16a
v5.17
v5.18
v5.18a
v5.19
v5.20.0
v5.20.1
v5.20.10
v5.20.11
v5.20.12
v5.20.13
v5.20.14
v5.20.15
v5.20.16
v5.20.17
v5.20.18
v5.20.19
v5.20.2
v5.20.20
v5.20.21
v5.20.3
v5.20.4
v5.20.5
v5.20.6
v5.20.7
v5.20.8
v5.20.9
v5.21.0
v5.21.0-beta.1
v5.21.0-rc.1
v5.21.1
v5.21.2
v5.21.3
v5.21.4
v5.22.0
v5.22.1
v5.22.2
v5.22.3
v5.22.4
v5.22.5
v5.22.6
v5.22.7
v5.22.8