CVE-2016-7405

critical

Description

The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.

References

http://www.securityfocus.com/bid/92969

https://tuxcare.com/blog/critical-adodb-vulnerabilities-fixed-in-ubuntu/?web_view=true

https://security.gentoo.org/glsa/201701-59

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LT3WU77BRUJREZUYQ3ZQBMUIVIVIND4Y/

https://github.com/ADOdb/ADOdb/issues/226

https://github.com/ADOdb/ADOdb/commit/bd9eca9f40220f9918ec3cc7ae9ef422b3e448b8

https://github.com/ADOdb/ADOdb/blob/v5.20.7/docs/changelog.md

http://www.openwall.com/lists/oss-security/2016/09/15/1

http://www.openwall.com/lists/oss-security/2016/09/07/8

Details

Source: Mitre, NVD

Published: 2016-10-03

Updated: 2025-04-12

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.015

Detections

Analytics