CVE-2016-7405

critical

Description

The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.

References

https://tuxcare.com/blog/critical-adodb-vulnerabilities-fixed-in-ubuntu/?web_view=true

https://security.gentoo.org/glsa/201701-59

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LT3WU77BRUJREZUYQ3ZQBMUIVIVIND4Y/

https://github.com/ADOdb/ADOdb/issues/226

https://github.com/ADOdb/ADOdb/commit/bd9eca9f40220f9918ec3cc7ae9ef422b3e448b8

https://github.com/ADOdb/ADOdb/blob/v5.20.7/docs/changelog.md

http://www.securityfocus.com/bid/92969

http://www.openwall.com/lists/oss-security/2016/09/15/1

http://www.openwall.com/lists/oss-security/2016/09/07/8

Details

Source: Mitre, NVD

Published: 2016-10-03

Updated: 2023-11-07

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

Detections

Analytics