JVN#48237713: ADOdb vulnerable to cross-site scripting

2016-09-06T00:00:00
ID JVN:48237713
Type jvn
Reporter Japan Vulnerability Notes
Modified 2016-09-06T00:00:00

Description

## Description

ADOdb is a database abstraction layer for PHP. The library's test script (test.php) contains a cross-site scripting (CWE-79) vulnerability.

## Impact

An arbitrary script may be executed on the user's web browser.

## Solution

Update the Software
Update to the latest version according to the information provided by the developer.

Apply a Workaround
The developer recommends the following workaround:

> "The whole ./tests directory should be removed from client installations.
It is only used for development purposes and not necessary for ADOdb operations."

## Products Affected

  • ADOdb versions prior to 5.20.6