Lucene search
Gentoo FoundationGLSA-200602-02HistoryFeb 06, 2006 - 12:00 a.m.
ADOdb: PostgresSQL command injection
2006-02-0600:00:00
Gentoo Foundation
security.gentoo.org
10
0.011 Low
EPSS
Percentile
84.4%
Background
ADOdb is an abstraction library for PHP creating a common API for a wide range of database backends.
Description
Andy Staudacher discovered that ADOdb does not properly sanitize all parameters.
Impact
By sending specifically crafted requests to an application that uses ADOdb and a PostgreSQL backend, an attacker might exploit the flaw to execute arbitrary SQL queries on the host.
Workaround
There is no known workaround at this time.
Resolution
All ADOdb users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-php/adodb-4.71"
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Gentoo | any | all | dev-php/adodb | < 4.71 | UNKNOWN |
Related
prion
prion
Sql injection
2006-01-25 02:03:00
nessus
nessus
GLSA-200602-02 : ADOdb: PostgreSQL command injection
2006-02-10 00:00:00
Debian DSA-1031-1 : cacti - several vulnerabilities
2006-10-14 00:00:00
GLSA-200604-07 : Cacti: Multiple vulnerabilities in included ADOdb
2006-04-17 00:00:00
debiancve
debiancve
CVE-2006-0410
2006-01-25 02:03:00
cvelist
cvelist
CVE-2006-0410
2006-01-25 02:00:00
ubuntucve
ubuntucve
CVE-2006-0410
2006-01-25 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200602-02 (ADOdb)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200602-02 (ADOdb)
2008-09-24 00:00:00
Debian Security Advisory DSA 1029-1 (libphp-adodb)
2008-01-17 00:00:00
cve
cve
CVE-2006-0410
2006-01-25 02:03:00
osv
osv
moodle - several
2006-04-08 00:00:00
cacti - several
2006-04-08 00:00:00
libphp-adodb - several
2006-04-08 00:00:00
debian
debian
[SECURITY] [DSA 1030-1] New moodle packages fix several vulnerabilities
2006-04-08 13:33:21
securityvulns
securityvulns
gentoo
gentoo
Cacti: Multiple vulnerabilities in included ADOdb
2006-04-14 00:00:00