CVE-2025-54119

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-54119

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54119.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-54119

Aliases

GHSA-vf2r-cxg9-p7rf

Downstream

UBUNTU-CVE-2025-54119

Published

2025-08-05T01:15:41Z

Modified

2025-08-05T21:54:00.933710Z

Summary

[none]

Details

ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. In versions 5.22.9 and below, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a sqlite3 database and calls the metaColumns(), metaForeignKeys() or metaIndexes() methods with a crafted table name. This is fixed in version 5.22.10. To workaround this issue, only pass controlled data to metaColumns(), metaForeignKeys() and metaIndexes() method's $table parameter.

References

Affected packages

Debian:11 / libphp-adodb

Package

Name: libphp-adodb
Purl: pkg:deb/debian/libphp-adodb?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.20.19-1

5.20.19-1+deb11u1

5.20.19-1+deb11u2

5.21.0~beta.1-1

5.21.0-1

5.21.4-1

5.22.7-0.1~bpo12+1

5.22.7-0.1

5.22.8-0.1

5.22.9-0.1~bpo12+1

5.22.9-0.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libphp-adodb

Package

Name: libphp-adodb
Purl: pkg:deb/debian/libphp-adodb?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.21.4-1

5.21.4-1+deb12u1

5.22.7-0.1~bpo12+1

5.22.7-0.1

5.22.8-0.1

5.22.9-0.1~bpo12+1

5.22.9-0.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libphp-adodb

Package

Name: libphp-adodb
Purl: pkg:deb/debian/libphp-adodb?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.22.9-0.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/adodb/adodb

Affected ranges

Type: GIT
Repo: https://github.com/adodb/adodb
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

5b8bd52cdcffefb4ecded1b399c98cfa516afe03

Affected versions

v5.*

v5.00beta

v5.01beta

v5.02

v5.02a

v5.03

v5.04

v5.05

v5.06

v5.07

v5.08

v5.08a

v5.09

v5.09a

v5.10

v5.11

v5.12

v5.13

v5.14

v5.15

v5.16

v5.16a

v5.17

v5.18

v5.18a

v5.19

v5.20.0

v5.20.1

v5.20.10

v5.20.11

v5.20.12

v5.20.13

v5.20.14

v5.20.15

v5.20.16

v5.20.17

v5.20.18

v5.20.19

v5.20.2

v5.20.20

v5.20.21

v5.20.3

v5.20.4

v5.20.5

v5.20.6

v5.20.7

v5.20.8

v5.20.9

v5.21.0

v5.21.0-beta.1

v5.21.0-rc.1

v5.21.1

v5.21.2

v5.21.3

v5.21.4

v5.22.0

v5.22.1

v5.22.2

v5.22.3

v5.22.4

v5.22.5

v5.22.6

v5.22.7

v5.22.8

v5.22.9