Vulnerability Details CVE-2016-7405
The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.015
EPSS Ranking 80.2%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://www.openwall.com/lists/oss-security/2016/09/07/8
- http://www.openwall.com/lists/oss-security/2016/09/15/1
- http://www.securityfocus.com/bid/92969
- https://github.com/ADOdb/ADOdb/blob/v5.20.7/docs/changelog.md
- https://github.com/ADOdb/ADOdb/commit/bd9eca9f40220f9918ec3cc7ae9ef422b3e448b8
- https://github.com/ADOdb/ADOdb/issues/226
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LT3WU77BRUJREZUYQ3ZQBMUIVIVIND4Y/
- https://security.gentoo.org/glsa/201701-59
- http://www.openwall.com/lists/oss-security/2016/09/07/8
- http://www.openwall.com/lists/oss-security/2016/09/15/1
- http://www.securityfocus.com/bid/92969
- https://github.com/ADOdb/ADOdb/blob/v5.20.7/docs/changelog.md
- https://github.com/ADOdb/ADOdb/commit/bd9eca9f40220f9918ec3cc7ae9ef422b3e448b8
- https://github.com/ADOdb/ADOdb/issues/226
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LT3WU77BRUJREZUYQ3ZQBMUIVIVIND4Y/
- https://security.gentoo.org/glsa/201701-59
Products affected by CVE-2016-7405
-
cpe:2.3:a:adodb_project:adodb:5.00
-
cpe:2.3:a:adodb_project:adodb:5.01
-
cpe:2.3:a:adodb_project:adodb:5.02
-
cpe:2.3:a:adodb_project:adodb:5.03
-
cpe:2.3:a:adodb_project:adodb:5.04
-
cpe:2.3:a:adodb_project:adodb:5.05
-
cpe:2.3:a:adodb_project:adodb:5.06
-
cpe:2.3:a:adodb_project:adodb:5.07
-
cpe:2.3:a:adodb_project:adodb:5.08
-
cpe:2.3:a:adodb_project:adodb:5.09
-
cpe:2.3:a:adodb_project:adodb:5.10
-
cpe:2.3:a:adodb_project:adodb:5.11
-
cpe:2.3:a:adodb_project:adodb:5.12
-
cpe:2.3:a:adodb_project:adodb:5.13
-
cpe:2.3:a:adodb_project:adodb:5.14
-
cpe:2.3:a:adodb_project:adodb:5.15
-
cpe:2.3:a:adodb_project:adodb:5.16
-
cpe:2.3:a:adodb_project:adodb:5.17
-
cpe:2.3:a:adodb_project:adodb:5.18
-
cpe:2.3:a:adodb_project:adodb:5.19
-
cpe:2.3:a:adodb_project:adodb:5.20.0
-
cpe:2.3:a:adodb_project:adodb:5.20.1
-
cpe:2.3:a:adodb_project:adodb:5.20.2
-
cpe:2.3:a:adodb_project:adodb:5.20.3
-
cpe:2.3:a:adodb_project:adodb:5.20.4
-
cpe:2.3:a:adodb_project:adodb:5.20.5
-
cpe:2.3:a:adodb_project:adodb:5.20.6
-
cpe:2.3:a:php:php:-
-
cpe:2.3:o:fedoraproject:fedora:25