Описание
ADOdb Library SQL Injection
The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2016-7405
- https://github.com/ADOdb/ADOdb/issues/226
- https://github.com/ADOdb/ADOdb/commit/bd9eca9f40220f9918ec3cc7ae9ef422b3e448b8
- https://github.com/ADOdb/ADOdb/blob/v5.20.7/docs/changelog.md
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LT3WU77BRUJREZUYQ3ZQBMUIVIVIND4Y
- https://security.gentoo.org/glsa/201701-59
- https://web.archive.org/web/20210123170727/http://www.securityfocus.com/bid/92969
- http://www.openwall.com/lists/oss-security/2016/09/07/8
- http://www.openwall.com/lists/oss-security/2016/09/15/1
Пакеты
Наименование
adodb/adodb-php
composer
Затронутые версииВерсия исправления
>= 5.0, < 5.20.7
5.20.7
Связанные уязвимости
CVSS3: 9.8
ubuntu
больше 8 лет назад
The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.
CVSS3: 9.8
nvd
больше 8 лет назад
The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.
CVSS3: 9.8
debian
больше 8 лет назад
The qstr method in the PDO driver in the ADOdb Library for PHP before ...
