CVE-2016-7405

The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:adodb_project:adodb:5.00:beta:*:*:*:*:*:*
cpe:2.3:a:adodb_project:adodb:5.01:beta:*:*:*:*:*:*
cpe:2.3:a:adodb_project:adodb:5.02:*:*:*:*:*:*:*
cpe:2.3:a:adodb_project:adodb:5.02:a:*:*:*:*:*:*
cpe:2.3:a:adodb_project:adodb:5.03:*:*:*:*:*:*:*
cpe:2.3:a:adodb_project:adodb:5.04:*:*:*:*:*:*:*
cpe:2.3:a:adodb_project:adodb:5.04:a:*:*:*:*:*:*
cpe:2.3:a:adodb_project:adodb:5.05:*:*:*:*:*:*:*
cpe:2.3:a:adodb_project:adodb:5.06:*:*:*:*:*:*:*
cpe:2.3:a:adodb_project:adodb:5.06:a:*:*:*:*:*:*
cpe:2.3:a:adodb_project:adodb:5.07:*:*:*:*:*:*:*
cpe:2.3:a:adodb_project:adodb:5.08:*:*:*:*:*:*:*
cpe:2.3:a:adodb_project:adodb:5.08:a:*:*:*:*:*:*
cpe:2.3:a:adodb_project:adodb:5.09:*:*:*:*:*:*:*
cpe:2.3:a:adodb_project:adodb:5.09:a:*:*:*:*:*:*
cpe:2.3:a:adodb_project:adodb:5.10:*:*:*:*:*:*:*
cpe:2.3:a:adodb_project:adodb:5.11:*:*:*:*:*:*:*
cpe:2.3:a:adodb_project:adodb:5.12:*:*:*:*:*:*:*
cpe:2.3:a:adodb_project:adodb:5.13:*:*:*:*:*:*:*
cpe:2.3:a:adodb_project:adodb:5.14:*:*:*:*:*:*:*
cpe:2.3:a:adodb_project:adodb:5.15:*:*:*:*:*:*:*
cpe:2.3:a:adodb_project:adodb:5.16:*:*:*:*:*:*:*
cpe:2.3:a:adodb_project:adodb:5.16:a:*:*:*:*:*:*
cpe:2.3:a:adodb_project:adodb:5.17:*:*:*:*:*:*:*
cpe:2.3:a:adodb_project:adodb:5.18:*:*:*:*:*:*:*
cpe:2.3:a:adodb_project:adodb:5.18:a:*:*:*:*:*:*
cpe:2.3:a:adodb_project:adodb:5.19:*:*:*:*:*:*:*
cpe:2.3:a:adodb_project:adodb:5.20.0:*:*:*:*:*:*:*
cpe:2.3:a:adodb_project:adodb:5.20.1:*:*:*:*:*:*:*
cpe:2.3:a:adodb_project:adodb:5.20.2:*:*:*:*:*:*:*
cpe:2.3:a:adodb_project:adodb:5.20.3:*:*:*:*:*:*:*
cpe:2.3:a:adodb_project:adodb:5.20.4:*:*:*:*:*:*:*
cpe:2.3:a:adodb_project:adodb:5.20.5:*:*:*:*:*:*:*
cpe:2.3:a:adodb_project:adodb:5.20.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:-:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*

History

21 Nov 2024, 02:57

Type Values Removed Values Added
References () http://www.openwall.com/lists/oss-security/2016/09/07/8 - Patch, Release Notes () http://www.openwall.com/lists/oss-security/2016/09/07/8 - Patch, Release Notes
References () http://www.openwall.com/lists/oss-security/2016/09/15/1 - Patch, Release Notes () http://www.openwall.com/lists/oss-security/2016/09/15/1 - Patch, Release Notes
References () http://www.securityfocus.com/bid/92969 - Third Party Advisory () http://www.securityfocus.com/bid/92969 - Third Party Advisory
References () https://github.com/ADOdb/ADOdb/blob/v5.20.7/docs/changelog.md - Patch, Release Notes, Vendor Advisory () https://github.com/ADOdb/ADOdb/blob/v5.20.7/docs/changelog.md - Patch, Release Notes, Vendor Advisory
References () https://github.com/ADOdb/ADOdb/commit/bd9eca9f40220f9918ec3cc7ae9ef422b3e448b8 - Patch, Vendor Advisory () https://github.com/ADOdb/ADOdb/commit/bd9eca9f40220f9918ec3cc7ae9ef422b3e448b8 - Patch, Vendor Advisory
References () https://github.com/ADOdb/ADOdb/issues/226 - Patch () https://github.com/ADOdb/ADOdb/issues/226 - Patch
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LT3WU77BRUJREZUYQ3ZQBMUIVIVIND4Y/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LT3WU77BRUJREZUYQ3ZQBMUIVIVIND4Y/ -
References () https://security.gentoo.org/glsa/201701-59 - () https://security.gentoo.org/glsa/201701-59 -

07 Nov 2023, 02:34

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LT3WU77BRUJREZUYQ3ZQBMUIVIVIND4Y/', 'name': 'FEDORA-2016-c5ec2c17e6', 'tags': ['Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LT3WU77BRUJREZUYQ3ZQBMUIVIVIND4Y/ -

Information

Published : 2016-10-03 18:59

Updated : 2024-11-21 02:57


NVD link : CVE-2016-7405

Mitre link : CVE-2016-7405

CVE.ORG link : CVE-2016-7405


JSON object : View

Products Affected

php

  • php

adodb_project

  • adodb

fedoraproject

  • fedora
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')