CVE-2016-7405
CRITICAL 9.8 · EPSS 3.1% · ADOdb Library SQL Injection
Published: 2022/5/17 · Modified: 2026/4/28
Description
The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.
Affected packages (2)
- Debian/libphp-adodb: from 0, < 5.20.6-1
- Packagist/adodb/adodb-php: >= 5.0, < 5.20.7
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References (10)
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2016-7405
- ADVISORY https://security-tracker.debian.org/tracker/CVE-2016-7405
- WEB https://github.com/ADOdb/ADOdb/blob/v5.20.7/docs/changelog.md
- WEB https://github.com/ADOdb/ADOdb/commit/bd9eca9f40220f9918ec3cc7ae9ef422b3e448b8
- WEB https://github.com/ADOdb/ADOdb/issues/226
- WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/LT3WU77BRUJREZUYQ3ZQBMUIVIVIND4Y
- WEB https://security.gentoo.org/glsa/201701-59
- WEB https://web.archive.org/web/20210123170727/http://www.securityfocus.com/bid/92969
- WEB http://www.openwall.com/lists/oss-security/2016/09/07/8
- WEB http://www.openwall.com/lists/oss-security/2016/09/15/1