CVE-2016-7405
CRITICAL9.8EPSS 3.1%ADOdb Library SQL Injection
Published: 5/17/2022Modified: 4/28/2026
Description
The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.
Affected packages (2)
- Debian/libphp-adodbfrom 0, < 5.20.6-1
- Packagist/adodb/adodb-php>= 5.0, < 5.20.7
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References (10)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2016-7405
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2016-7405
- WEBhttps://github.com/ADOdb/ADOdb/blob/v5.20.7/docs/changelog.md
- WEBhttps://github.com/ADOdb/ADOdb/commit/bd9eca9f40220f9918ec3cc7ae9ef422b3e448b8
- WEBhttps://github.com/ADOdb/ADOdb/issues/226
- WEBhttps://lists.fedoraproject.org/archives/list/[email protected]/message/LT3WU77BRUJREZUYQ3ZQBMUIVIVIND4Y
- WEBhttps://security.gentoo.org/glsa/201701-59
- WEBhttps://web.archive.org/web/20210123170727/http://www.securityfocus.com/bid/92969
- WEBhttp://www.openwall.com/lists/oss-security/2016/09/07/8
- WEBhttp://www.openwall.com/lists/oss-security/2016/09/15/1