Cross-site scripting vulnerability in ADOdb versions prior to 5.20.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| adodb_project | adodb | * |
The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| adodb_project | adodb | 5.20.5 |
| adodb_project | adodb | 5.12 |
| adodb_project | adodb | 5.17 |
| adodb_project | adodb | 5.20.6 |
| adodb_project | adodb | 5.05 |
| adodb_project | adodb | 5.20.0 |
| adodb_project | adodb | 5.16 |
| adodb_project | adodb | 5.20.1 |
| fedoraproject | fedora | 25 |
| adodb_project | adodb | 5.11 |
| adodb_project | adodb | 5.20.3 |
| adodb_project | adodb | 5.20.4 |
| adodb_project | adodb | 5.20.2 |
| adodb_project | adodb | 5.19 |
| adodb_project | adodb | 5.08 |
| adodb_project | adodb | 5.15 |
| adodb_project | adodb | 5.18 |
| adodb_project | adodb | 5.00 |
| adodb_project | adodb | 5.06 |
| adodb_project | adodb | 5.14 |
| adodb_project | adodb | 5.13 |
| adodb_project | adodb | 5.02 |
| adodb_project | adodb | 5.03 |
| adodb_project | adodb | 5.07 |
| adodb_project | adodb | 5.01 |
| adodb_project | adodb | 5.09 |
| adodb_project | adodb | 5.04 |
| adodb_project | adodb | 5.10 |
Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 3.9 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-305,CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| adodb_project | adodb | * |
| debian | debian_linux | 9.0 |