SQL Injection Vulnerability in ADOdb PHP Database Class Library
CVE-2025-54119

10 CRITICAL

Key Information:

Vendor: Adodb

Status
Vendor
CVE Published: 5 August 2025

What is CVE-2025-54119?

The ADOdb PHP database class library is affected by a SQL injection vulnerability that arises from improper escaping of query parameters. When an application uses a sqlite3 database and calls metaColumns(), metaForeignKeys(), or metaIndexes(), an attacker who can influence the table name passed to these methods can cause arbitrary SQL statements to be executed. The issue affects versions 5.22.9 and earlier, where passing an unvalidated or malicious table name can compromise the database's integrity. A fix is available in version 5.22.10, and developers are advised to ensure that only controlled data is supplied to these method parameters to mitigate the risk.
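One way to follow the advice to supply only controlled data to these methods, shown as an added example that is not ADOdb project code. The install path, the `INSPECTABLE_TABLES` allowlist and the helper names `safeTableName()` and `describeTable()` are assumptions made for illustration.

```php
<?php
// Added example, not ADOdb project code. Assumes ADOdb is installed at the
// path below and that the application knows which tables may be inspected.
require_once 'adodb/adodb.inc.php'; // assumed install path

// Hypothetical application allowlist of inspectable tables.
const INSPECTABLE_TABLES = ['users', 'orders'];

// Accept a table name only if it is a plain identifier and on the allowlist.
function safeTableName(string $table): string
{
    if (!preg_match('/\A[A-Za-z_][A-Za-z0-9_]{0,63}\z/', $table)) {
        throw new InvalidArgumentException('table name is not a plain identifier');
    }
    if (!in_array($table, INSPECTABLE_TABLES, true)) {
        throw new InvalidArgumentException('table is not on the allowlist');
    }
    return $table;
}

// Single choke point for the three methods named in the advisory.
function describeTable(ADOConnection $db, string $requested): array
{
    $table = safeTableName($requested); // throws before any SQL is built
    return [
        'columns'     => $db->metaColumns($table),
        'indexes'     => $db->metaIndexes($table),
        'foreignKeys' => $db->metaForeignKeys($table),
    ];
}

$db = ADONewConnection('sqlite3');
$db->connect(':memory:'); // throwaway in-memory database for the demo
$db->execute('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');

// Constructed inputs: one legitimate name, one non-identifier string, and one
// well-formed name that the application never meant to expose.
foreach (['users', "users' --", 'sqlite_master'] as $input) {
    try {
        $info = describeTable($db, $input);
        printf("%s: %d column(s)\n", $input, count($info['columns'] ?: []));
    } catch (InvalidArgumentException $e) {
        printf("rejected %s: %s\n", var_export($input, true), $e->getMessage());
    }
}
```

Routing every call through one wrapper keeps the check in place on 5.22.10 as well, so a table name taken from a request can never reach the metadata methods unvalidated.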

Affected Version(s)

ADOdb < 5.22.10

CVSS V3.1

Score: 10
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published
