Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-7405

The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.

Published

2016-10-03T18:59:14.150

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-89

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	adodb_project	adodb	5.00	Yes
Application	adodb_project	adodb	5.01	Yes
Application	adodb_project	adodb	5.02	Yes
Application	adodb_project	adodb	5.02	Yes
Application	adodb_project	adodb	5.03	Yes
Application	adodb_project	adodb	5.04	Yes
Application	adodb_project	adodb	5.04	Yes
Application	adodb_project	adodb	5.05	Yes
Application	adodb_project	adodb	5.06	Yes
Application	adodb_project	adodb	5.06	Yes
Application	adodb_project	adodb	5.07	Yes
Application	adodb_project	adodb	5.08	Yes
Application	adodb_project	adodb	5.08	Yes
Application	adodb_project	adodb	5.09	Yes
Application	adodb_project	adodb	5.09	Yes
Application	adodb_project	adodb	5.10	Yes
Application	adodb_project	adodb	5.11	Yes
Application	adodb_project	adodb	5.12	Yes
Application	adodb_project	adodb	5.13	Yes
Application	adodb_project	adodb	5.14	Yes
Application	adodb_project	adodb	5.15	Yes
Application	adodb_project	adodb	5.16	Yes
Application	adodb_project	adodb	5.16	Yes
Application	adodb_project	adodb	5.17	Yes
Application	adodb_project	adodb	5.18	Yes
Application	adodb_project	adodb	5.18	Yes
Application	adodb_project	adodb	5.19	Yes
Application	adodb_project	adodb	5.20.0	Yes
Application	adodb_project	adodb	5.20.1	Yes
Application	adodb_project	adodb	5.20.2	Yes
Application	adodb_project	adodb	5.20.3	Yes
Application	adodb_project	adodb	5.20.4	Yes
Application	adodb_project	adodb	5.20.5	Yes
Application	adodb_project	adodb	5.20.6	Yes
Application	php	php	-	No
Operating System	fedoraproject	fedora	25	Yes

References

http://www.openwall.com/lists/oss-security/2016/09/07/8 Patch, Release Notes ([email protected])
http://www.openwall.com/lists/oss-security/2016/09/15/1 Patch, Release Notes ([email protected])
http://www.securityfocus.com/bid/92969 Third Party Advisory ([email protected])
https://github.com/ADOdb/ADOdb/blob/v5.20.7/docs/changelog.md Patch, Release Notes, Vendor Advisory ([email protected])
https://github.com/ADOdb/ADOdb/commit/bd9eca9f40220f9918ec3cc7ae9ef422b3e448b8 Patch, Vendor Advisory ([email protected])
https://github.com/ADOdb/ADOdb/issues/226 Patch ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LT3WU77BRUJREZUYQ3ZQBMUIVIVIND4Y/ ([email protected])
https://security.gentoo.org/glsa/201701-59 ([email protected])
http://www.openwall.com/lists/oss-security/2016/09/07/8 Patch, Release Notes (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2016/09/15/1 Patch, Release Notes (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/92969 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/ADOdb/ADOdb/blob/v5.20.7/docs/changelog.md Patch, Release Notes, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/ADOdb/ADOdb/commit/bd9eca9f40220f9918ec3cc7ae9ef422b3e448b8 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/ADOdb/ADOdb/issues/226 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LT3WU77BRUJREZUYQ3ZQBMUIVIVIND4Y/ (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201701-59 (af854a3a-2127-422b-91ae-364da2661108)