SQL Injection Vulnerability in ADOdb Library for PHP
CVE-2016-7405

9.8CRITICAL

Key Information:

Vendor

Adodb Project

Status
Adodb
Vendor
CVE Published:
3 October 2016

What is CVE-2016-7405?

The qstr method in the PDO driver of the ADOdb Library for PHP, prior to version 5.20.7, is susceptible to SQL injection attacks due to improper handling of quoted strings. This vulnerability can be exploited by remote attackers, potentially allowing them to manipulate SQL queries and access sensitive data within the database. Proper validation and sanitization of input data are crucial to mitigate this risk.

References

https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA
http://www.openwall.com/lists/oss-security/2016/09/07/8
mailing-listx_refsource_MLIST
http://www.securityfocus.com/bid/92969
vdb-entryx_refsource_BID

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.