Adodb Adodb-Php vulnerabilities
5 known vulnerabilities affecting adodb/adodb-php.
Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 4, MEDIUM 1
Vulnerabilities
CVE-2025-54119 [CRITICAL] CWE-89 | ≥ 0, < 5.22.10 | 2025-08-04
The ADOdb sqlite3 driver allows SQL injection
Improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a sqlite3 database and calls the metaColumns(), metaForeignKeys() or metaIndexes() methods with a crafted table name.
Note that the indicated Severity corresponds to a worst-case usage scenario, e.g. allowing user-supplied data to be sent
Sources: GHSA, OSV
CVE-2025-46337 [CRITICAL] CWE-89 | ≥ 0, < 5.22.9 | 2025-05-01
SQL injection in ADOdb PostgreSQL driver pg_insert_id() method
Improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and calls pg_insert_id() with user-supplied data.
Note that the indicated Severity corresponds to a worst-case usage scenario.
### Impact
PostgreSQL drivers (postgres64, postgres7,
Sources: GHSA, OSV
CVE-2016-7405 [CRITICAL] CWE-89 | ≥ 5.0, < 5.20.7 | 2022-05-17
ADOdb Library SQL Injection
The `qstr` method in the PDO driver in the ADOdb Library for PHP 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.
Sources: GHSA, OSV
CVE-2016-4855 [MEDIUM] CWE-79 | ≥ 0, < 5.20.6 | 2022-05-17
ADOdb Cross-site scripting vulnerability in old test script
Cross-site scripting vulnerability in ADOdb versions prior to 5.20.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Sources: GHSA, OSV
CVE-2021-3850 [CRITICAL] CWE-287 | ≥ 0, < 5.20.21; ≥ 5.21.0, < 5.21.4 | 2022-01-27
Authentication Bypass in ADOdb/ADOdb
### Impact
An attacker can inject values into a PostgreSQL connection string by providing a parameter surrounded by single quotes.
Depending on how the library is used in the client software, this may allow an attacker to bypass the login process, gain access to the server's IP address, etc.
### Patches
The vulnerability is fixed in ADOdb versions 5.20.21 (952de6c4273d9b1e91c2b838044f8
Sources: GHSA, OSV