Packagist (Composer) package
adodb/adodb-php
pkg:composer/adodb/adodb-php
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-54119 | Cri | 10.0 | < 5.22.10 | 5.22.10 | Aug 5, 2025 | ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. In versions 5.22.9 and below, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a s | |
| CVE-2025-46337 | Cri | 10.0 | < 5.22.9 | 5.22.9 | May 1, 2025 | ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. Prior to version 5.22.9, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a Postgr | |
| CVE-2021-3850 | — | < 5.20.21 | 5.20.21 | Jan 25, 2022 | Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21. | ||
| CVE-2016-4855 | Med | 6.1 | < 5.20.6 | 5.20.6 | May 12, 2017 | Cross-site scripting vulnerability in ADOdb versions prior to 5.20.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |
| CVE-2016-7405 | Cri | 9.8 | >= 5.0, < 5.20.7 | 5.20.7 | Oct 3, 2016 | The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting. |
- affected < 5.22.10fixed 5.22.10
ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. In versions 5.22.9 and below, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a s
- affected < 5.22.9fixed 5.22.9
ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. Prior to version 5.22.9, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a Postgr
- CVE-2021-3850Jan 25, 2022affected < 5.20.21fixed 5.20.21
Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21.
- affected < 5.20.6fixed 5.20.6
Cross-site scripting vulnerability in ADOdb versions prior to 5.20.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- affected >= 5.0, < 5.20.7fixed 5.20.7
The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.