GHSA-3fj4-q72x-x2g9

Source

https://github.com/advisories/GHSA-3fj4-q72x-x2g9

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3fj4-q72x-x2g9/GHSA-3fj4-q72x-x2g9.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-3fj4-q72x-x2g9

Aliases

CVE-2016-7405

Published

2022-05-17T02:37:05Z

Modified

2024-02-21T05:32:01.394052Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

ADOdb Library SQL Injection

Details

The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.

Database specific

{
    "nvd_published_at": "2016-10-03T18:59:00Z",
    "cwe_ids": [
        "CWE-89"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-31T19:43:14Z"
}

References

Affected packages

Packagist / adodb/adodb-php

Package

Name: adodb/adodb-php
Purl: pkg:composer/adodb/adodb-php

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.0

Fixed

5.20.7

Affected versions

v5.*

v5.19

v5.20.0

v5.20.1

v5.20.2

v5.20.3

v5.20.4

v5.20.5

v5.20.6