3 vulnerabilities by adodb_project
CVE-2021-3850 (GCVE-0-2021-3850)
Vulnerability from cvelistv5 – Published: 2022-01-25 14:20 – Updated: 2024-08-03 17:09
Title
Authentication Bypass by Primary Weakness in adodb/adodb
Summary
Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21.
Severity
9.1 (Critical)
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
@huntrdev
References
4 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/bdf5f216-4499-4225-a73… | x_refsource_CONFIRM |
| https://github.com/adodb/adodb/commit/952de6c4273… | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2022… | mailing-list, x_refsource_MLIST |
| https://www.debian.org/security/2022/dsa-5101 | vendor-advisory, x_refsource_DEBIAN |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| adodb | adodb/adodb | Affected: unspecified, < 5.20.21 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/bdf5f216-4499-4225-a737-b28bc6f5801c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/adodb/adodb/commit/952de6c4273d9b1e91c2b838044f8c2111150c29"
},
{
"name": "[debian-lts-announce] 20220206 [SECURITY] [DLA 2912-1] libphp-adodb security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00006.html"
},
{
"name": "DSA-5101",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5101"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "adodb/adodb",
"vendor": "adodb",
"versions": [
{
"lessThan": "5.20.21",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305 Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-14T14:06:25.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/bdf5f216-4499-4225-a737-b28bc6f5801c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/adodb/adodb/commit/952de6c4273d9b1e91c2b838044f8c2111150c29"
},
{
"name": "[debian-lts-announce] 20220206 [SECURITY] [DLA 2912-1] libphp-adodb security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00006.html"
},
{
"name": "DSA-5101",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5101"
}
],
"source": {
"advisory": "bdf5f216-4499-4225-a737-b28bc6f5801c",
"discovery": "EXTERNAL"
},
"title": "Authentication Bypass by Primary Weakness in adodb/adodb",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-3850",
"STATE": "PUBLIC",
"TITLE": "Authentication Bypass by Primary Weakness in adodb/adodb"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "adodb/adodb",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.20.21"
}
]
}
}
]
},
"vendor_name": "adodb"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-305 Authentication Bypass by Primary Weakness"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/bdf5f216-4499-4225-a737-b28bc6f5801c",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/bdf5f216-4499-4225-a737-b28bc6f5801c"
},
{
"name": "https://github.com/adodb/adodb/commit/952de6c4273d9b1e91c2b838044f8c2111150c29",
"refsource": "MISC",
"url": "https://github.com/adodb/adodb/commit/952de6c4273d9b1e91c2b838044f8c2111150c29"
},
{
"name": "[debian-lts-announce] 20220206 [SECURITY] [DLA 2912-1] libphp-adodb security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00006.html"
},
{
"name": "DSA-5101",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5101"
}
]
},
"source": {
"advisory": "bdf5f216-4499-4225-a737-b28bc6f5801c",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-3850",
"datePublished": "2022-01-25T14:20:11.000Z",
"dateReserved": "2021-10-02T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:09:09.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4855 (GCVE-0-2016-4855)
Vulnerability from cvelistv5 – Published: 2017-05-12 18:00 – Updated: 2024-08-06 00:46
Summary
Cross-site scripting vulnerability in ADOdb versions prior to 5.20.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
jpcert
References
4 references
| URL | Tags |
|---|---|
| https://github.com/ADOdb/ADOdb/issues/274 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/92753 | vdb-entry, x_refsource_BID |
| https://security.gentoo.org/glsa/201701-59 | vendor-advisory, x_refsource_GENTOO |
| http://jvn.jp/en/jp/JVN48237713/index.html | third-party-advisory, x_refsource_JVN |
Date Public
2016-09-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:46:38.444Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ADOdb/ADOdb/issues/274"
},
{
"name": "92753",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92753"
},
{
"name": "GLSA-201701-59",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-59"
},
{
"name": "JVN#48237713",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN48237713/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ADOdb",
"vendor": "ADOdb",
"versions": [
{
"status": "affected",
"version": "versions prior to 5.20.6"
}
]
}
],
"datePublic": "2016-09-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in ADOdb versions prior to 5.20.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ADOdb/ADOdb/issues/274"
},
{
"name": "92753",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92753"
},
{
"name": "GLSA-201701-59",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-59"
},
{
"name": "JVN#48237713",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN48237713/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-4855",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ADOdb",
"version": {
"version_data": [
{
"version_value": "versions prior to 5.20.6"
}
]
}
}
]
},
"vendor_name": "ADOdb"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in ADOdb versions prior to 5.20.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ADOdb/ADOdb/issues/274",
"refsource": "CONFIRM",
"url": "https://github.com/ADOdb/ADOdb/issues/274"
},
{
"name": "92753",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92753"
},
{
"name": "GLSA-201701-59",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-59"
},
{
"name": "JVN#48237713",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN48237713/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-4855",
"datePublished": "2017-05-12T18:00:00.000Z",
"dateReserved": "2016-05-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:46:38.444Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7405 (GCVE-0-2016-7405)
Vulnerability from cvelistv5 – Published: 2016-10-03 18:00 – Updated: 2024-08-06 01:57
Summary
The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.
Severity
No CVSS data available.
CWE
- n/a (the record assigns no CWE; the summary describes SQL injection through incorrect quoting)
Assigner
mitre
References
8 references
| URL | Tags |
|---|---|
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory, x_refsource_FEDORA |
| http://www.openwall.com/lists/oss-security/2016/09/07/8 | mailing-list, x_refsource_MLIST |
| http://www.securityfocus.com/bid/92969 | vdb-entry, x_refsource_BID |
| https://github.com/ADOdb/ADOdb/issues/226 | x_refsource_CONFIRM |
| https://security.gentoo.org/glsa/201701-59 | vendor-advisory, x_refsource_GENTOO |
| http://www.openwall.com/lists/oss-security/2016/09/15/1 | mailing-list, x_refsource_MLIST |
| https://github.com/ADOdb/ADOdb/blob/v5.20.7/docs/… | x_refsource_CONFIRM |
| https://github.com/ADOdb/ADOdb/commit/bd9eca9f402… | x_refsource_CONFIRM |
Date Public
2016-09-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.607Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2016-c5ec2c17e6",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LT3WU77BRUJREZUYQ3ZQBMUIVIVIND4Y/"
},
{
"name": "[oss-security] 20160907 ADOdb PDO driver: incorrect quoting may allow SQL injection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/07/8"
},
{
"name": "92969",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92969"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ADOdb/ADOdb/issues/226"
},
{
"name": "GLSA-201701-59",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-59"
},
{
"name": "[oss-security] 20160915 Re: ADOdb PDO driver: incorrect quoting may allow SQL injection",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/15/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ADOdb/ADOdb/blob/v5.20.7/docs/changelog.md"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ADOdb/ADOdb/commit/bd9eca9f40220f9918ec3cc7ae9ef422b3e448b8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2016-c5ec2c17e6",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LT3WU77BRUJREZUYQ3ZQBMUIVIVIND4Y/"
},
{
"name": "[oss-security] 20160907 ADOdb PDO driver: incorrect quoting may allow SQL injection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/07/8"
},
{
"name": "92969",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92969"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ADOdb/ADOdb/issues/226"
},
{
"name": "GLSA-201701-59",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-59"
},
{
"name": "[oss-security] 20160915 Re: ADOdb PDO driver: incorrect quoting may allow SQL injection",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/15/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ADOdb/ADOdb/blob/v5.20.7/docs/changelog.md"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ADOdb/ADOdb/commit/bd9eca9f40220f9918ec3cc7ae9ef422b3e448b8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7405",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2016-c5ec2c17e6",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LT3WU77BRUJREZUYQ3ZQBMUIVIVIND4Y/"
},
{
"name": "[oss-security] 20160907 ADOdb PDO driver: incorrect quoting may allow SQL injection",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/07/8"
},
{
"name": "92969",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92969"
},
{
"name": "https://github.com/ADOdb/ADOdb/issues/226",
"refsource": "CONFIRM",
"url": "https://github.com/ADOdb/ADOdb/issues/226"
},
{
"name": "GLSA-201701-59",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-59"
},
{
"name": "[oss-security] 20160915 Re: ADOdb PDO driver: incorrect quoting may allow SQL injection",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/15/1"
},
{
"name": "https://github.com/ADOdb/ADOdb/blob/v5.20.7/docs/changelog.md",
"refsource": "CONFIRM",
"url": "https://github.com/ADOdb/ADOdb/blob/v5.20.7/docs/changelog.md"
},
{
"name": "https://github.com/ADOdb/ADOdb/commit/bd9eca9f40220f9918ec3cc7ae9ef422b3e448b8",
"refsource": "CONFIRM",
"url": "https://github.com/ADOdb/ADOdb/commit/bd9eca9f40220f9918ec3cc7ae9ef422b3e448b8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7405",
"datePublished": "2016-10-03T18:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:57:47.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}