CVE-2016-7405

Sažetak

The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.

Reference

http://www.securityfocus.com/bid/92969
https://github.com/ADOdb/ADOdb/commit/bd9eca9f40220f9918ec3cc7ae9ef422b3e448b8
http://www.openwall.com/lists/oss-security/2016/09/15/1
http://www.openwall.com/lists/oss-security/2016/09/07/8
https://github.com/ADOdb/ADOdb/blob/v5.20.7/docs/changelog.md
https://github.com/ADOdb/ADOdb/issues/226
https://security.gentoo.org/glsa/201701-59
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LT3WU77BRUJREZUYQ3ZQBMUIVIVIND4Y/

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

07-11-2023 - 02:34

Objavljeno

03-10-2016 - 18:59