Описание
ADOdb Library SQL Injection
The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2016-7405
- https://github.com/ADOdb/ADOdb/issues/226
- https://github.com/ADOdb/ADOdb/commit/bd9eca9f40220f9918ec3cc7ae9ef422b3e448b8
- https://github.com/ADOdb/ADOdb/blob/v5.20.7/docs/changelog.md
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LT3WU77BRUJREZUYQ3ZQBMUIVIVIND4Y
- https://security.gentoo.org/glsa/201701-59
- https://web.archive.org/web/20210123170727/http://www.securityfocus.com/bid/92969
- http://www.openwall.com/lists/oss-security/2016/09/07/8
- http://www.openwall.com/lists/oss-security/2016/09/15/1
Пакеты
Наименование
adodb/adodb-php
composer
Затронутые версииВерсия исправления
>= 5.0, < 5.20.7
5.20.7
Связанные уязвимости
CVSS3: 9.8
ubuntu
почти 9 лет назад
The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.
CVSS3: 9.8
nvd
почти 9 лет назад
The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.
CVSS3: 9.8
debian
почти 9 лет назад
The qstr method in the PDO driver in the ADOdb Library for PHP before ...
