Critical severity9.8NVD Advisory· Published Oct 3, 2016· Updated May 6, 2026
CVE-2016-7405
CVE-2016-7405
Description
The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
adodb/adodb-phpPackagist | >= 5.0, < 5.20.7 | 5.20.7 |
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
12- www.openwall.com/lists/oss-security/2016/09/07/8nvdPatchRelease NotesWEB
- www.openwall.com/lists/oss-security/2016/09/15/1nvdPatchRelease NotesWEB
- github.com/ADOdb/ADOdb/blob/v5.20.7/docs/changelog.mdnvdPatchRelease NotesVendor AdvisoryWEB
- github.com/ADOdb/ADOdb/commit/bd9eca9f40220f9918ec3cc7ae9ef422b3e448b8nvdPatchVendor AdvisoryWEB
- github.com/ADOdb/ADOdb/issues/226nvdPatchWEB
- www.securityfocus.com/bid/92969nvdThird Party Advisory
- github.com/advisories/GHSA-3fj4-q72x-x2g9ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2016-7405ghsaADVISORY
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LT3WU77BRUJREZUYQ3ZQBMUIVIVIND4YghsaWEB
- security.gentoo.org/glsa/201701-59nvdWEB
- web.archive.org/web/20210123170727/http://www.securityfocus.com/bid/92969ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LT3WU77BRUJREZUYQ3ZQBMUIVIVIND4Y/nvd
News mentions
0No linked articles in our index yet.