The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2016/09/07/8 | Patch Release Notes |
http://www.openwall.com/lists/oss-security/2016/09/15/1 | Patch Release Notes |
http://www.securityfocus.com/bid/92969 | Third Party Advisory |
https://github.com/ADOdb/ADOdb/blob/v5.20.7/docs/changelog.md | Patch Release Notes Vendor Advisory |
https://github.com/ADOdb/ADOdb/commit/bd9eca9f40220f9918ec3cc7ae9ef422b3e448b8 | Patch Vendor Advisory |
https://github.com/ADOdb/ADOdb/issues/226 | Patch |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LT3WU77BRUJREZUYQ3ZQBMUIVIVIND4Y/ | |
https://security.gentoo.org/glsa/201701-59 |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
|
History
07 Nov 2023, 02:34
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2016-10-03 18:59
Updated : 2024-02-28 15:21
NVD link : CVE-2016-7405
Mitre link : CVE-2016-7405
CVE.ORG link : CVE-2016-7405
JSON object : View
Products Affected
adodb_project
- adodb
fedoraproject
- fedora
php
- php
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')