John Lim Adodb vulnerabilities
7 known vulnerabilities affecting john_lim/adodb.
Total CVEs
7
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM5
Vulnerabilities
Page 1 of 1
CVE-2011-3699MEDIUMCVSS 5.0v5.112011-09-23
CVE-2011-3699 [MEDIUM] CWE-200 CVE-2011-3699: John Lim ADOdb Library for PHP 5.11 allows remote attackers to obtain sensitive information via a di
John Lim ADOdb Library for PHP 5.11 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tests/test-active-record.php and certain other files.
nvd
CVE-2006-4618MEDIUMCVSS 5.1≤ 4.012006-09-07
CVE-2006-4618 [MEDIUM] CVE-2006-4618: PHP remote file inclusion vulnerability in adodb-postgres7.inc.php in John Lim ADOdb, possibly 4.01
PHP remote file inclusion vulnerability in adodb-postgres7.inc.php in John Lim ADOdb, possibly 4.01 and earlier, as used in Intechnic In-link 2.3.4, allows remote attackers to execute arbitrary PHP code via a URL in the ADODB_DIR parameter.
nvd
CVE-2006-0806MEDIUMCVSS 4.3PoCv4.66v4.68+2 more2006-02-21
CVE-2006-0806 [MEDIUM] CWE-79 CVE-2006-0806: Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as used in multiple packages such
Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via (1) the next_page parameter in adodb-pager.inc.php and (2) other unspecified vectors related to PHP_SELF.
nvd
CVE-2006-0410MEDIUMCVSS 5.0v4.66v4.68+1 more2006-01-25
CVE-2006-0410 [MEDIUM] CVE-2006-0410: SQL injection vulnerability in ADOdb before 4.71, when using PostgreSQL, allows remote attackers to
SQL injection vulnerability in ADOdb before 4.71, when using PostgreSQL, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors involving binary strings.
nvd
CVE-2006-0146HIGHCVSS 7.5PoCv4.66v4.682006-01-09
CVE-2006-0146 [HIGH] CWE-89 CVE-2006-0146: The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1)
The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.
nvd
CVE-2006-0147HIGHCVSS 7.5PoCv4.66v4.682006-01-09
CVE-2006-0147 [HIGH] CVE-2006-0147: Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70,
Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a v
nvd
CVE-2004-2664MEDIUMCVSS 5.0≤ 4.22v3.94+10 more2004-12-31
CVE-2004-2664 [MEDIUM] CVE-2004-2664: John Lim ADOdb Library for PHP before 4.23 allows remote attackers to obtain sensitive information v
John Lim ADOdb Library for PHP before 4.23 allows remote attackers to obtain sensitive information via direct requests to certain scripts that result in an undefined value of ADODB_DIR, which reveals the installation path in an error message.
nvd