gsd-2016-7405
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2016-7405",
"description": "The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.",
"id": "GSD-2016-7405",
"references": [
"https://advisories.mageia.org/CVE-2016-7405.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2016-7405"
],
"details": "The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.",
"id": "GSD-2016-7405",
"modified": "2023-12-13T01:21:20.611113Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7405",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2016-c5ec2c17e6",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LT3WU77BRUJREZUYQ3ZQBMUIVIVIND4Y/"
},
{
"name": "[oss-security] 20160907 ADOdb PDO driver: incorrect quoting may allow SQL injection",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/07/8"
},
{
"name": "92969",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92969"
},
{
"name": "https://github.com/ADOdb/ADOdb/issues/226",
"refsource": "CONFIRM",
"url": "https://github.com/ADOdb/ADOdb/issues/226"
},
{
"name": "GLSA-201701-59",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-59"
},
{
"name": "[oss-security] 20160915 Re: ADOdb PDO driver: incorrect quoting may allow SQL injection",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/09/15/1"
},
{
"name": "https://github.com/ADOdb/ADOdb/blob/v5.20.7/docs/changelog.md",
"refsource": "CONFIRM",
"url": "https://github.com/ADOdb/ADOdb/blob/v5.20.7/docs/changelog.md"
},
{
"name": "https://github.com/ADOdb/ADOdb/commit/bd9eca9f40220f9918ec3cc7ae9ef422b3e448b8",
"refsource": "CONFIRM",
"url": "https://github.com/ADOdb/ADOdb/commit/bd9eca9f40220f9918ec3cc7ae9ef422b3e448b8"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003e=5.00,\u003c=5.07||\u003e=5.10,\u003c=5.20.6",
"affected_versions": "All versions starting from 5.00 up to 5.07, all versions starting from 5.10 up to 5.20.6",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-89",
"CWE-937"
],
"date": "2017-07-01",
"description": "The `qstr` method in the PDO driver in the ADOdb Library for PHP might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.",
"fixed_versions": [
"5.20.7"
],
"identifier": "CVE-2016-7405",
"identifiers": [
"CVE-2016-7405"
],
"not_impacted": "All versions before 5.00, all versions after 5.07 before 5.10, all versions after 5.20.6",
"package_slug": "packagist/adodb/adodb-php",
"pubdate": "2016-10-03",
"solution": "Upgrade to version 5.20.7 or above.",
"title": "SQL Injection",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2016-7405",
"https://github.com/ADOdb/ADOdb/blob/v5.20.7/docs/changelog.md",
"https://github.com/ADOdb/ADOdb/commit/bd9eca9f40220f9918ec3cc7ae9ef422b3e448b8"
],
"uuid": "2f5fcaf1-eb47-4301-b1c5-a748786f4d23"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:adodb_project:adodb:5.04:a:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adodb_project:adodb:5.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adodb_project:adodb:5.09:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adodb_project:adodb:5.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adodb_project:adodb:5.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adodb_project:adodb:5.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adodb_project:adodb:5.20.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adodb_project:adodb:5.20.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adodb_project:adodb:5.02:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adodb_project:adodb:5.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adodb_project:adodb:5.08:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adodb_project:adodb:5.09:a:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adodb_project:adodb:5.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adodb_project:adodb:5.16:a:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adodb_project:adodb:5.20.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adodb_project:adodb:5.20.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adodb_project:adodb:5.01:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adodb_project:adodb:5.02:a:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adodb_project:adodb:5.06:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adodb_project:adodb:5.07:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adodb_project:adodb:5.08:a:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adodb_project:adodb:5.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adodb_project:adodb:5.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adodb_project:adodb:5.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adodb_project:adodb:5.20.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adodb_project:adodb:5.00:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adodb_project:adodb:5.05:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adodb_project:adodb:5.06:a:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adodb_project:adodb:5.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adodb_project:adodb:5.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adodb_project:adodb:5.18:a:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adodb_project:adodb:5.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adodb_project:adodb:5.20.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:adodb_project:adodb:5.20.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:php:php:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7405"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2016-c5ec2c17e6",
"refsource": "FEDORA",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LT3WU77BRUJREZUYQ3ZQBMUIVIVIND4Y/"
},
{
"name": "92969",
"refsource": "BID",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securityfocus.com/bid/92969"
},
{
"name": "https://github.com/ADOdb/ADOdb/commit/bd9eca9f40220f9918ec3cc7ae9ef422b3e448b8",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/ADOdb/ADOdb/commit/bd9eca9f40220f9918ec3cc7ae9ef422b3e448b8"
},
{
"name": "[oss-security] 20160915 Re: ADOdb PDO driver: incorrect quoting may allow SQL injection",
"refsource": "MLIST",
"tags": [
"Patch",
"Release Notes"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/15/1"
},
{
"name": "[oss-security] 20160907 ADOdb PDO driver: incorrect quoting may allow SQL injection",
"refsource": "MLIST",
"tags": [
"Patch",
"Release Notes"
],
"url": "http://www.openwall.com/lists/oss-security/2016/09/07/8"
},
{
"name": "https://github.com/ADOdb/ADOdb/blob/v5.20.7/docs/changelog.md",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Release Notes",
"Vendor Advisory"
],
"url": "https://github.com/ADOdb/ADOdb/blob/v5.20.7/docs/changelog.md"
},
{
"name": "https://github.com/ADOdb/ADOdb/issues/226",
"refsource": "CONFIRM",
"tags": [
"Patch"
],
"url": "https://github.com/ADOdb/ADOdb/issues/226"
},
{
"name": "GLSA-201701-59",
"refsource": "GENTOO",
"tags": [],
"url": "https://security.gentoo.org/glsa/201701-59"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": true,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2017-07-01T01:30Z",
"publishedDate": "2016-10-03T18:59Z"
}
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.