CVE-2016-7405 – adodb/adodb-php

Package

Manager: composer
Name: adodb/adodb-php
Vulnerable Version: >=5.0 <5.20.7

Severity

Level: Critical

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.03101 pctl0.86277

Details

ADOdb Library SQL Injection The `qstr` method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.

Metadata

Created: 2022-05-17T02:37:05Z
Modified: 2023-07-31T19:43:14Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3fj4-q72x-x2g9/GHSA-3fj4-q72x-x2g9.json
CWE IDs: ["CWE-89"]
Alternative ID: GHSA-3fj4-q72x-x2g9
Finding: F297
Auto approve: 1