CVE-2025-46337
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-46337
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-46337.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-46337
- Aliases
- Downstream
- Related
- Published
- 2025-05-01T17:20:10Z
- Modified
- 2025-10-22T18:46:07.159514Z
- Severity
-
- 10.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L CVSS Calculator
- Summary
- SQL injection in ADOdb PostgreSQL driver pg_insert_id() method
- Details
-
ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. Prior to version 5.22.9, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and calls pginsertid() with user-supplied data. This issue has been patched in version 5.22.9.
- Database specific
{ "cwe_ids": [ "CWE-89" ] }- References
-
- https://github.com/ADOdb/ADOdb/security/advisories/GHSA-8x27-jwjr-8545
- https://xaliom.blogspot.com/2025/05/from-sast-to-cve-2025-46337.html
- https://github.com/ADOdb/ADOdb/commit/11107d6d6e5160b62e05dff8a3a2678cf0e3a426
- https://github.com/ADOdb/ADOdb/issues/1070
- https://lists.debian.org/debian-lts-announce/2025/05/msg00029.html
Affected packages
Git / github.com/adodb/adodb
Affected ranges
- Type
- GIT
- Repo
- https://github.com/adodb/adodb
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v5.*
v5.00beta
v5.01beta
v5.02
v5.02a
v5.03
v5.04
v5.05
v5.06
v5.07
v5.08
v5.08a
v5.09
v5.09a
v5.10
v5.11
v5.12
v5.13
v5.14
v5.15
v5.16
v5.16a
v5.17
v5.18
v5.18a
v5.19
v5.20.0
v5.20.1
v5.20.10
v5.20.11
v5.20.12
v5.20.13
v5.20.14
v5.20.15
v5.20.16
v5.20.17
v5.20.18
v5.20.19
v5.20.2
v5.20.20
v5.20.21
v5.20.3
v5.20.4
v5.20.5
v5.20.6
v5.20.7
v5.20.8
v5.20.9
v5.21.0
v5.21.0-beta.1
v5.21.0-rc.1
v5.21.1
v5.21.2
v5.21.3
v5.21.4
v5.22.0
v5.22.1
v5.22.2
v5.22.3
v5.22.4
v5.22.5
v5.22.6
v5.22.7
v5.22.8