CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:N/I:P/A:N)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

EPSS: 0.011 Low (Percentile: 84.5%)

ADOdb is an abstraction library for PHP creating a common API for a wide range of database backends.
Andy Staudacher discovered that ADOdb does not properly sanitize all parameters.
By sending specially crafted requests to an application that uses ADOdb and a PostgreSQL backend, an attacker might exploit the flaw to execute arbitrary SQL queries on the host.
There is no known workaround at this time.
All ADOdb users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-php/adodb-4.71"
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | dev-php/adodb | < 4.71 | UNKNOWN |