CVE-2016-7405

CRITICAL

Adodb < 5.20.7 - SQL Injection


Description

The qstr method in the PDO driver in the ADOdb Library for PHP, versions 5.x before 5.20.7, might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.

References (8)

Core References
Patch, Release Notes mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/09/07/8
Third Party Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/92969
Patch x_refsource_confirm
https://github.com/ADOdb/ADOdb/issues/226
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201701-59
Patch, Release Notes mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/09/15/1
Patch, Release Notes, Vendor Advisory x_refsource_confirm
https://github.com/ADOdb/ADOdb/blob/v5.20.7/docs/changelog.md

Scores

CVSS v3 9.8
EPSS 0.0310
EPSS Percentile 86.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-89
Status published
Products (29)
adodb/adodb-php 5.0 - 5.20.7 (Packagist)
adodb_project/adodb 5.00 beta
adodb_project/adodb 5.01 beta
adodb_project/adodb 5.02 (2 CPE variants)
adodb_project/adodb 5.03
adodb_project/adodb 5.04 (2 CPE variants)
adodb_project/adodb 5.05
adodb_project/adodb 5.06 (2 CPE variants)
adodb_project/adodb 5.07
adodb_project/adodb 5.08 (2 CPE variants)
... and 19 more
Published Oct 03, 2016
Tracked Since Feb 18, 2026