CVE-2025-54119
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-54119
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54119.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-54119
- Aliases
- Downstream
- Published
- 2025-08-05T00:12:52Z
- Modified
- 2025-10-22T18:47:45.775967Z
- Severity
-
- 10.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L CVSS Calculator
- Summary
- ADOdb's sqlite3 driver allows SQL injection
- Details
-
ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. In versions 5.22.9 and below, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a sqlite3 database and calls the metaColumns(), metaForeignKeys() or metaIndexes() methods with a crafted table name. This is fixed in version 5.22.10. To workaround this issue, only pass controlled data to metaColumns(), metaForeignKeys() and metaIndexes() method's $table parameter.
- Database specific
{ "cwe_ids": [ "CWE-89" ] }- References
Affected packages
Git / github.com/adodb/adodb
Affected ranges
- Type
- GIT
- Repo
- https://github.com/adodb/adodb
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v5.*
v5.00beta
v5.01beta
v5.02
v5.02a
v5.03
v5.04
v5.05
v5.06
v5.07
v5.08
v5.08a
v5.09
v5.09a
v5.10
v5.11
v5.12
v5.13
v5.14
v5.15
v5.16
v5.16a
v5.17
v5.18
v5.18a
v5.19
v5.20.0
v5.20.1
v5.20.10
v5.20.11
v5.20.12
v5.20.13
v5.20.14
v5.20.15
v5.20.16
v5.20.17
v5.20.18
v5.20.19
v5.20.2
v5.20.20
v5.20.21
v5.20.3
v5.20.4
v5.20.5
v5.20.6
v5.20.7
v5.20.8
v5.20.9
v5.21.0
v5.21.0-beta.1
v5.21.0-rc.1
v5.21.1
v5.21.2
v5.21.3
v5.21.4
v5.22.0
v5.22.1
v5.22.2
v5.22.3
v5.22.4
v5.22.5
v5.22.6
v5.22.7
v5.22.8
v5.22.9