CVE-2021-3850 – Authentication Bypass by Primary Weakness in adodb/adodb
https://notcve.org/view.php?id=CVE-2021-3850
Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21. Una Omisión de Autenticación por Debilidad Primaria en el repositorio de GitHub adodb/adodb versiones anteriores a 5.20.21 • https://github.com/adodb/adodb/commit/952de6c4273d9b1e91c2b838044f8c2111150c29 https://huntr.dev/bounties/bdf5f216-4499-4225-a737-b28bc6f5801c https://lists.debian.org/debian-lts-announce/2022/02/msg00006.html https://www.debian.org/security/2022/dsa-5101 • CWE-287: Improper Authentication CWE-305: Authentication Bypass by Primary Weakness •
CVE-2016-4855
https://notcve.org/view.php?id=CVE-2016-4855
Cross-site scripting vulnerability in ADOdb versions prior to 5.20.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de Cross-site scripting en ADOdb en versiones anteriores a la 5.20.6, que permitiría a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://jvn.jp/en/jp/JVN48237713/index.html http://www.securityfocus.com/bid/92753 https://github.com/ADOdb/ADOdb/issues/274 https://security.gentoo.org/glsa/201701-59 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-7405
https://notcve.org/view.php?id=CVE-2016-7405
The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting. El método qstr en el controlador PDO en el ADOdb Library para PHP en versiones anteriores a 5.x en versiones anteriores a 5.20.7 podría permitir a atacantes llevar a cabo ataques de inyección SQL a través de vectores relacionados con una citación incorrecta. • http://www.openwall.com/lists/oss-security/2016/09/07/8 http://www.openwall.com/lists/oss-security/2016/09/15/1 http://www.securityfocus.com/bid/92969 https://github.com/ADOdb/ADOdb/blob/v5.20.7/docs/changelog.md https://github.com/ADOdb/ADOdb/commit/bd9eca9f40220f9918ec3cc7ae9ef422b3e448b8 https://github.com/ADOdb/ADOdb/issues/226 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LT3WU77BRUJREZUYQ3ZQBMUIVIVIND4Y https://security.gentoo.org/glsa/ • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2011-3699
https://notcve.org/view.php?id=CVE-2011-3699
John Lim ADOdb Library for PHP 5.11 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tests/test-active-record.php and certain other files. John Lim ADOdb Library para PHP v5.11 permite a atacantes remotos obtener información sensible a través de una petición directa a un archivo .php, lo que revela la ruta de instalación en un mensaje de error, como se demostró con tests/test-active-record.php y algunos otros archivos. • http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/adodb http://www.openwall.com/lists/oss-security/2011/06/27/6 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •