CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 1CVE-2021-3850 – Authentication Bypass by Primary Weakness in adodb/adodb
https://notcve.org/view.php?id=CVE-2021-3850
Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21. Una Omisión de Autenticación por Debilidad Primaria en el repositorio de GitHub adodb/adodb versiones anteriores a 5.20.21 • https://github.com/adodb/adodb/commit/952de6c4273d9b1e91c2b838044f8c2111150c29 https://huntr.dev/bounties/bdf5f216-4499-4225-a737-b28bc6f5801c https://lists.debian.org/debian-lts-announce/2022/02/msg00006.html https://www.debian.org/security/2022/dsa-5101 • CWE-287: Improper Authentication CWE-305: Authentication Bypass by Primary Weakness •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4855
https://notcve.org/view.php?id=CVE-2016-4855
Cross-site scripting vulnerability in ADOdb versions prior to 5.20.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de Cross-site scripting en ADOdb en versiones anteriores a la 5.20.6, que permitiría a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://jvn.jp/en/jp/JVN48237713/index.html http://www.securityfocus.com/bid/92753 https://github.com/ADOdb/ADOdb/issues/274 https://security.gentoo.org/glsa/201701-59 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 36EXPL: 0CVE-2016-7405
https://notcve.org/view.php?id=CVE-2016-7405
The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting. El método qstr en el controlador PDO en el ADOdb Library para PHP en versiones anteriores a 5.x en versiones anteriores a 5.20.7 podría permitir a atacantes llevar a cabo ataques de inyección SQL a través de vectores relacionados con una citación incorrecta. • http://www.openwall.com/lists/oss-security/2016/09/07/8 http://www.openwall.com/lists/oss-security/2016/09/15/1 http://www.securityfocus.com/bid/92969 https://github.com/ADOdb/ADOdb/blob/v5.20.7/docs/changelog.md https://github.com/ADOdb/ADOdb/commit/bd9eca9f40220f9918ec3cc7ae9ef422b3e448b8 https://github.com/ADOdb/ADOdb/issues/226 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LT3WU77BRUJREZUYQ3ZQBMUIVIVIND4Y https://security.gentoo.org/glsa/ • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •