| VID |
21986 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The ADOdb library is vulnerable to an SQL injection vulnerability via the 'server.php' script. ADOdb is a PHP & Python database class library to provide more powerful abstractions for performing queries and managing databases. Multiple PHP-based applications using versions of ADOdb prior to 4.70 are vulnerable to an SQL injection vulnerability, caused by improper validation of user-supplied input passed to the 'server.php' script. This vulnerability could permit a remote attacker to pass malicious input to the 'server.php' script via the 'sql' parameter, potentially resulting in data exposure, modification of the query logic, or even data modification or attacks against the database itself.
* References:
http://secunia.com/advisories/17418/
http://secunia.com/secunia_research/2005-64/advisory/
* Platforms Affected:
ADOdb versions prior to 4.70
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of ADOdb (4.70 or later), available from the ADOdb Project Web page at http://sourceforge.net/project/showfiles.php?group_id=42718 |
| Related URL |
CVE-2006-0146 (CVE) |
| Related URL |
16187 (SecurityFocus) |
| Related URL |
24051 (ISS) |
|
