Debian Libphp-Adodb vulnerabilities
13 known vulnerabilities affecting debian/libphp-adodb.
Total CVEs: 13
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 4, MEDIUM 4, LOW 5
Vulnerabilities
CVE-2025-54119 | CRITICAL | CVSS 10.0 | fixed in libphp-adodb 5.21.4-1+deb12u2 (bookworm) | 2025
CVE-2025-54119 [CRITICAL]: libphp-adodb
ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. In versions 5.22.9 and below, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a sqlite3 database and calls the metaColumns(), metaForeignKeys() or metaIndexes()
debian
CVE-2025-46337 | CRITICAL | CVSS 10.0 | fixed in libphp-adodb 5.21.4-1+deb12u1 (bookworm) | 2025
CVE-2025-46337 [CRITICAL]: libphp-adodb
ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. Prior to version 5.22.9, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and calls pg_insert_id() with user-supplied data. This issue has
debian
CVE-2021-3850 | CRITICAL | CVSS 9.1 | fixed in libphp-adodb 5.21.4-1 (bookworm) | 2021
CVE-2021-3850 [CRITICAL]: libphp-adodb
Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21.
Scope: local
bookworm: resolved (fixed in 5.21.4-1)
bullseye: resolved (fixed in 5.20.19-1+deb11u1)
forky: resolved (fixed in 5.21.4-1)
sid: resolved (fixed in 5.21.4-1)
trixie: resolved (fixed in 5.21.4-1)
debian
CVE-2016-7405 | CRITICAL | CVSS 9.8 | fixed in libphp-adodb 5.20.6-1 (bookworm) | 2016
CVE-2016-7405 [CRITICAL]: libphp-adodb
The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.
Scope: local
bookworm: resolved (fixed in 5.20.6-1)
bullseye: resolved (fixed in 5.20.6-1)
forky: resolved (fixed in 5.20.6-1)
sid: resolved (fixed in 5.20.6-1)
trixie:
debian
CVE-2016-4855 | LOW | CVSS 6.1 | fixed in libphp-adodb 5.20.6-1 (bookworm) | 2016
CVE-2016-4855 [MEDIUM]: libphp-adodb
Cross-site scripting vulnerability in ADOdb versions prior to 5.20.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Scope: local
bookworm: resolved (fixed in 5.20.6-1)
bullseye: resolved (fixed in 5.20.6-1)
forky: resolved (fixed in 5.20.6-1)
sid: resolved (fixed in 5.20.6-1)
trixie: resolved (fixed in 5.20.6-1)
debian
CVE-2011-3699 | LOW | CVSS 5.0 | 2011
CVE-2011-3699 [MEDIUM]: libphp-adodb
John Lim ADOdb Library for PHP 5.11 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tests/test-active-record.php and certain other files.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
debian
CVE-2006-0147 | MEDIUM | CVSS 7.5 | PoC | fixed in cacti 0.8.6d-1 (bookworm) | 2006
CVE-2006-0147 [HIGH]: cacti
Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable
debian
CVE-2006-0146 | MEDIUM | CVSS 7.5 | PoC | fixed in cacti 0.8.6d-1 (bookworm) | 2006
CVE-2006-0146 [HIGH]: cacti
The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.
Scope: local
bookworm: resolved (fixed i
debian
CVE-2006-0806 | MEDIUM | CVSS 4.3 | PoC | fixed in cacti 0.8.6d-1 (bookworm) | 2006
CVE-2006-0806 [MEDIUM]: cacti
Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via (1) the next_page parameter in adodb-pager.inc.php and (2) other unspecified vectors related to PHP_SELF.
Scope: local
bookworm: resolved (fixed in 0.8.6d-1)
bullseye: resolved (fixed in 0.8.6
debian
CVE-2006-0410 | MEDIUM | CVSS 5.0 | fixed in cacti 0.8.6d-1 (bookworm) | 2006
CVE-2006-0410 [MEDIUM]: cacti
SQL injection vulnerability in ADOdb before 4.71, when using PostgreSQL, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors involving binary strings.
Scope: local
bookworm: resolved (fixed in 0.8.6d-1)
bullseye: resolved (fixed in 0.8.6d-1)
forky: resolved (fixed in 0.8.6d-1)
sid: resolved (fixed in 0.8.6d-1)
trixie: resolved (fix
debian
CVE-2006-4976 | LOW | CVSS 5.0 | fixed in phppgadmin 5.1+ds-1 (forky) | 2006
CVE-2006-4976 [MEDIUM]: libphp-adodb
The Date Library in John Lim ADOdb Library for PHP allows remote attackers to obtain sensitive information via a direct request for (1) server.php, (2) adodb-errorpear.inc.php, (3) adodb-iterator.inc.php, (4) adodb-pear.inc.php, (5) adodb-perf.inc.php, (6) adodb-xmlschema.inc.php, and (7) adodb.inc.php; files in datadict including (8) datadict-access.inc.php, (
debian
CVE-2006-4618 | LOW | CVSS 5.1 | 2006
CVE-2006-4618 [MEDIUM]: libphp-adodb
PHP remote file inclusion vulnerability in adodb-postgres7.inc.php in John Lim ADOdb, possibly 4.01 and earlier, as used in Intechnic In-link 2.3.4, allows remote attackers to execute arbitrary PHP code via a URL in the ADODB_DIR parameter.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2004-2664 | LOW | CVSS 5.0 | fixed in phppgadmin 4.0.1-2 (forky) | 2004
CVE-2004-2664 [MEDIUM]: libphp-adodb
John Lim ADOdb Library for PHP before 4.23 allows remote attackers to obtain sensitive information via direct requests to certain scripts that result in an undefined value of ADODB_DIR, which reveals the installation path in an error message.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian