CVE-2025-54119

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-54119
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54119.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-54119
Aliases
Downstream
Published
2025-08-05T01:15:41Z
Modified
2025-08-05T21:54:00.933710Z
Summary
[none]
Details

ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. In versions 5.22.9 and below, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a sqlite3 database and calls the metaColumns(), metaForeignKeys() or metaIndexes() methods with a crafted table name. This is fixed in version 5.22.10. To workaround this issue, only pass controlled data to metaColumns(), metaForeignKeys() and metaIndexes() method's $table parameter.

References

Affected packages

Debian:11 / libphp-adodb

Package

Name
libphp-adodb
Purl
pkg:deb/debian/libphp-adodb?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.20.19-1
5.20.19-1+deb11u1
5.20.19-1+deb11u2
5.21.0~beta.1-1
5.21.0-1
5.21.4-1
5.22.7-0.1~bpo12+1
5.22.7-0.1
5.22.8-0.1
5.22.9-0.1~bpo12+1
5.22.9-0.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libphp-adodb

Package

Name
libphp-adodb
Purl
pkg:deb/debian/libphp-adodb?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.21.4-1
5.21.4-1+deb12u1
5.22.7-0.1~bpo12+1
5.22.7-0.1
5.22.8-0.1
5.22.9-0.1~bpo12+1
5.22.9-0.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libphp-adodb

Package

Name
libphp-adodb
Purl
pkg:deb/debian/libphp-adodb?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.22.9-0.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/adodb/adodb

Affected ranges

Type
GIT
Repo
https://github.com/adodb/adodb
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v5.*

v5.00beta
v5.01beta
v5.02
v5.02a
v5.03
v5.04
v5.05
v5.06
v5.07
v5.08
v5.08a
v5.09
v5.09a
v5.10
v5.11
v5.12
v5.13
v5.14
v5.15
v5.16
v5.16a
v5.17
v5.18
v5.18a
v5.19
v5.20.0
v5.20.1
v5.20.10
v5.20.11
v5.20.12
v5.20.13
v5.20.14
v5.20.15
v5.20.16
v5.20.17
v5.20.18
v5.20.19
v5.20.2
v5.20.20
v5.20.21
v5.20.3
v5.20.4
v5.20.5
v5.20.6
v5.20.7
v5.20.8
v5.20.9
v5.21.0
v5.21.0-beta.1
v5.21.0-rc.1
v5.21.1
v5.21.2
v5.21.3
v5.21.4
v5.22.0
v5.22.1
v5.22.2
v5.22.3
v5.22.4
v5.22.5
v5.22.6
v5.22.7
v5.22.8
v5.22.9