The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2016/09/07/8 | Patch Release Notes |
http://www.openwall.com/lists/oss-security/2016/09/15/1 | Patch Release Notes |
http://www.securityfocus.com/bid/92969 | Third Party Advisory |
https://github.com/ADOdb/ADOdb/blob/v5.20.7/docs/changelog.md | Patch Release Notes Vendor Advisory |
https://github.com/ADOdb/ADOdb/commit/bd9eca9f40220f9918ec3cc7ae9ef422b3e448b8 | Patch Vendor Advisory |
https://github.com/ADOdb/ADOdb/issues/226 | Patch |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LT3WU77BRUJREZUYQ3ZQBMUIVIVIND4Y/ | |
https://security.gentoo.org/glsa/201701-59 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2016-10-03T18:00:00
Updated: 2017-06-30T16:57:01
Reserved: 2016-09-09T00:00:00
Link: CVE-2016-7405
JSON object: View
NVD Information
Status : Modified
Published: 2016-10-03T18:59:14.150
Modified: 2023-11-07T02:34:37.323
Link: CVE-2016-7405
JSON object: View
Redhat Information
No data.
CWE