SQL Injection

adodb/adodb-php is vulnerable to SQL Injection. The vulnerability is due to improper escaping of query parameters due to crafted table names being passed to the metaColumns, metaForeignKeys, or metaIndexes methods when connected to a sqlite3 database...

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via improper escaping of query parameters in the metaColumns, metaForeignKeys, or metaIndexes methods when connecting to a sqlite3 database. An attacker can execute arbitrary SQL statements by supplying a crafted table nam...

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection due to improper escaping of a query parameter in the postgres64, postgres7, postgres8, and postgres9 drivers. An attacker can execute arbitrary SQL statements by injecting malicious SQL code into the pginsertid method...

SQL Injection

adodb/adodb-php is vulnerable to SQL injection. The vulnerability is due to inadequate input validation in multiple drivers, which allows an attacker to execute malicious SQL queries...

Authentication Bypass

adodb/adodb-php is vulnerable to authentication bypass. The vulnerability exists in the adodbaddslashes function of adodb-postgres64.inc.php, allowing an attacker to inject values into the PostgreSQL connection by providing a parameter surrounded by the single quotes...

SQL Injection

adodb-php contains a SQLi vulnerability...

CVE-2018-6382

MantisBT 2.10.0 allows local users to conduct SQL Injection attacks via the vendor/adodb/adodb-php/server.php sql parameter in a request to the 127.0.0.1 IP address. NOTE: the vendor disputes the significance of this report because server.php is intended to execute arbitrary SQL statements on...