
CVSS: 9.1 | EPSS: 0% | CPEs: 2 | EXPL: 1

25 Jan 2022 — Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21. It was discovered that the PDO driver in ADOdb was incorrectly handling string quotes. A remote attacker could possibly use this issue to perform SQL injection attacks. This issue only affected Ubuntu 16.04 LTS. It was discovered that ADOdb was incorrectly handling GET parameters in test.php. • https://github.com/adodb/adodb/commit/952de6c4273d9b1e91c2b838044f8c2111150c29 • CWE-287: Improper Authentication • CWE-305: Authentication Bypass by Primary Weakness

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

24 Jan 2017 — Cross-site scripting vulnerability in ADOdb versions prior to 5.20.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. It was discovered that the PDO driver in ADOdb was incorrectly handling string quotes. A remote attacker could possibly use this issue to perform SQL inj... • http://jvn.jp/en/jp/JVN48237713/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 | EPSS: 1% | CPEs: 36 | EXPL: 0

03 Oct 2016 — The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting. It was discovered that the PDO driver in ADOdb was incorrectl... • http://www.openwall.com/lists/oss-security/2016/09/07/8 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')