GHSA-65mj-7c86-79jf

Published: 27 Jan 2022
Source: github
GitHub: Reviewed
CVSS3: 9.1

Description

Authentication Bypass in ADOdb/ADOdb

Impact

An attacker can inject values into a PostgreSQL connection string by providing a parameter surrounded by single quotes.

Depending on how the library is used in the client software, this may allow an attacker to bypass the login process, gain access to the server's IP address, etc.

Patches

The vulnerability is fixed in ADOdb versions 5.20.21 (952de6c4273d9b1e91c2b838044f8c2111150c29) and 5.21.4 or later (b4d5ce70034c5aac3a1d51d317d93c037a0938d2).

The simplest patch is to delete line 29 in drivers/adodb-postgres64.inc.php:

diff --git a/drivers/adodb-postgres64.inc.php b/drivers/adodb-postgres64.inc.php index d04b7f67..729d7141 100644 --- a/drivers/adodb-postgres64.inc.php +++ b/drivers/adodb-postgres64.inc.php @@ -26,7 +26,6 @@ function adodb_addslashes($s) { $len = strlen($s); if ($len == 0) return "''"; - if (strncmp($s,"'",1) === 0 && substr($s,$len-1) == "'") return $s; // already quoted return "'".addslashes($s)."'"; }
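
Review bot: removing the "already quoted" shortcut at old line 29 changes the result for any caller that passes a value wrapped in single quotes, because that value now goes through `addslashes()` and is wrapped again, so the change deserves a changelog entry and a regression test asserting that a string beginning and ending with a single quote comes back escaped rather than verbatim. A one-line comment above the remaining `return "'".addslashes($s)."'";` stating that input is never trusted to be pre-quoted would also help keep the shortcut from being reintroduced.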

Workarounds

Ensure the parameters passed to ADOConnection::connect() or related functions (nConnect(), pConnect()) are not surrounded by single quotes.
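
One way to enforce this workaround in calling code that still runs an unpatched version, as an added example (not ADOdb's own code). `looks_prequoted()`, `guard_connect_param()` and `safe_pg_connect()` are hypothetical helpers, the sample values are constructed, and the check mirrors the condition on the line the patch removes.

```php
<?php
// Added example, not ADOdb code. All function names here are hypothetical.

/** True when $s matches the "already quoted" test on the line the patch removes. */
function looks_prequoted(string $s): bool
{
    $len = strlen($s);
    return $len > 0 && strncmp($s, "'", 1) === 0 && substr($s, $len - 1) === "'";
}

/** Reject a connect() argument that is wrapped in single quotes. */
function guard_connect_param(string $name, ?string $value): string
{
    $value = (string) $value;
    if (looks_prequoted($value)) {
        throw new InvalidArgumentException("$name must not be surrounded by single quotes");
    }
    return $value;
}

/**
 * Call connect() only after every argument has passed the guard.
 * @param ADOConnection $db connection object created by the caller
 */
function safe_pg_connect($db, $host, $user, $password, $database)
{
    return $db->connect(
        guard_connect_param('host', $host),
        guard_connect_param('user', $user),
        guard_connect_param('password', $password),
        guard_connect_param('database', $database)
    );
}

// Constructed sample values: only the wrapped one is rejected; an embedded
// quote is left for the library to escape.
foreach (['app_user', "O'Brien", "'app_user'", ''] as $sample) {
    try {
        guard_connect_param('user', $sample);
        printf("accepted: %s\n", var_export($sample, true));
    } catch (InvalidArgumentException $e) {
        printf("rejected: %s (%s)\n", var_export($sample, true), $e->getMessage());
    }
}
```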

Credits

Thanks to Emmet Leahy (@meme-lord) of Sorcery Ltd for reporting this vulnerability, and to the huntr team for their support.

References

For more information

If you have any questions or comments about this advisory:

  • Add a note in issue #793
  • Contact the maintainers on Gitter

Packages

Name: adodb/adodb-php (composer)
Affected versions: <= 5.20.20
Fixed version: 5.20.21

Name: adodb/adodb-php (composer)
Affected versions: >= 5.21.0, <= 5.21.3
Fixed version: 5.21.4

EPSS

Percentile: 43%
0.002
Low

9.1 Critical

CVSS3

Weaknesses

CWE-287
CWE-305

Related vulnerabilities

CVSS3: 9.1
ubuntu
more than 3 years ago

Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21.

CVSS3: 9.1
nvd
more than 3 years ago

Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21.

CVSS3: 9.1
debian
more than 3 years ago

Authentication Bypass by Primary Weakness in GitHub repository adodb/a ...

CVSS3: 9.1
redos
about 1 year ago

php-adodb vulnerability

CVSS3: 9.1
fstec
more than 3 years ago

Vulnerability in the adodb_addslashes() function of the adodb library that allows an attacker to bypass the authentication process
