CVE-2025-46337

Published: May 1, 2025

Modified: May 26, 2025

PUBLISHED

CVSS v3.1

10.0

CRITICAL

Description

ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. Prior to version 5.22.9, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and calls pg_insert_id() with user-supplied data. This issue has been patched in version 5.22.9.

Vendor	Product	Versions
ADOdb	ADOdb	affected `< 5.22.9`

Weaknesses (CWE)

CWE-89

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

Low

References

https://github.com/ADOdb/ADOdb/security/advisories/GHSA-8x27-jwjr-8545

x_refsource_CONFIRM

https://github.com/ADOdb/ADOdb/issues/1070

x_refsource_MISC

https://github.com/ADOdb/ADOdb/commit/11107d6d6e5160b62e05dff8a3a2678cf0e3a426

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-46337

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References