adodb/adodb-php is vulnerable to authentication bypass. The vulnerability exists in the adodb_addslashes
function of adodb-postgres64.inc.php
, allowing an attacker to inject values into the PostgreSQL connection by providing a parameter surrounded by the single quotes.
github.com/adodb/adodb/commit/952de6c4273d9b1e91c2b838044f8c2111150c29
github.com/ADOdb/ADOdb/issues/793
github.com/ADOdb/ADOdb/security/advisories/GHSA-65mj-7c86-79jf
huntr.dev/bounties/bdf5f216-4499-4225-a737-b28bc6f5801c
huntr.dev/bounties/bdf5f216-4499-4225-a737-b28bc6f5801c/
lists.debian.org/debian-lts-announce/2022/02/msg00006.html
www.debian.org/security/2022/dsa-5101