CVE-2025-46337 SQL injection in ADOdb PostgreSQL driver pg_insert_id() method
ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. Prior to version 5.22.9, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and...
CVE-2025-46337
CVE-2025-46337 affects the PHP database library ADOdb. Prior to version 5.22.9, improper escaping of a query parameter can allow an attacker to execute arbitrary SQL statements when code using ADOdb connects to PostgreSQL and calls pg_insert_id() with user-supplied data. The issue has been patche...
GHSA-8X27-JWJR-8545 SQL injection in ADOdb PostgreSQL driver pg_insert_id() method
Improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and calls pg_insert_id() with user-supplied data. Note that the indicated Severity corresponds to a worst-case usage scenario. Impact PostgreSQL...
SQL injection in ADOdb PostgreSQL driver pg_insert_id() method
Improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and calls pg_insert_id() with user-supplied data. Note that the indicated Severity corresponds to a worst-case usage scenario. Impact PostgreSQL...
PT-2025-18680
Name of the Vulnerable Software and Affected Versions: ADOdb versions prior to 5.22.9 Description: The issue is related to the improper escaping of a query parameter, which may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and...
SQL injection in ADOdb PostgreSQL driver pg_insert_id() method
Improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and calls pg_insert_id() with user-supplied data. Note that the indicated Severity corresponds to a worst-case usage scenario...
Ubuntu: Security Advisory (USN-7315-2)
The remote host is missing an update for the...
USN-7315-2: PostgreSQL vulnerability
USN-7315-1 fixed a vulnerability in PostgreSQL. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: Stephen Fewer discovered that PostgreSQL incorrectly handled quoting syntax in certain scenarios. A remote attacker could possibly use this issue to perfo...
USN-7315-2 postgresql-10 vulnerability
USN-7315-1 fixed a vulnerability in PostgreSQL. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: Stephen Fewer discovered that PostgreSQL incorrectly handled quoting syntax in certain scenarios. A remote attacker could possibly use this issue to perfo...
Security Bulletin: InfoSphere Data Replication is affected by multiple postgresql vulnerabilities
Summary InfoSphere Data Replication uses postgresql. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2022-26520 DESCRIPTION: pgjdbc could allow a remote attacker to execute arbitrary code on the system, caused by the external control of the...
K000151082: PostgreSQL vulnerability CVE-2021-32027
Security Advisory Description A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory...
F5 Networks BIG-IP : PostgreSQL vulnerability (K000151082)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K000151082 advisory. A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While...
Tenable Security Center SQLI (TNS-2025-06)
According to its self-reported version, the Tenable Security Center running on the remote host is version 6.5.0 or 6.5.1. It is, therefore, affected by a vulnerability as referenced in the TNS-2025-06 advisory. - Improper neutralization of quoting syntax in PostgreSQL libpq functions...
[SECURITY] Fedora 41 Update: pgadmin4-9.2-1.fc41
pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world...
[SECURITY] Fedora 42 Update: pgbouncer-1.24.1-2.fc42
pgbouncer is a lightweight connection pooler for PostgreSQL and uses libevent for low-level socket handling...
[SECURITY] Fedora 40 Update: pgbouncer-1.24.1-2.fc40
pgbouncer is a lightweight connection pooler for PostgreSQL and uses libevent for low-level socket handling...
[SECURITY] Fedora 41 Update: pgbouncer-1.24.1-2.fc41
pgbouncer is a lightweight connection pooler for PostgreSQL and uses libevent for low-level socket handling...
K000150987: PostgreSQL pgAdmin vulnerabilities CVE-2025-2945 and CVE-2025-2946
Security Advisory Description CVE-2025-2945 Remote Code Execution security vulnerability in pgAdmin 4 Query Tool and Cloud Deployment modules. The vulnerability is associated with the 2 POST endpoints; /sqleditor/querytool/download, where the querycommited parameter and /cloud/deploy endpoint,...
PgBouncer default auth_query does not take Postgres password expiry into account
...