CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 1CVE-2021-3850 – Authentication Bypass by Primary Weakness in adodb/adodb
https://notcve.org/view.php?id=CVE-2021-3850
Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21. Una Omisión de Autenticación por Debilidad Primaria en el repositorio de GitHub adodb/adodb versiones anteriores a 5.20.21 • https://github.com/adodb/adodb/commit/952de6c4273d9b1e91c2b838044f8c2111150c29 https://huntr.dev/bounties/bdf5f216-4499-4225-a737-b28bc6f5801c https://lists.debian.org/debian-lts-announce/2022/02/msg00006.html https://www.debian.org/security/2022/dsa-5101 • CWE-287: Improper Authentication CWE-305: Authentication Bypass by Primary Weakness •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4855
https://notcve.org/view.php?id=CVE-2016-4855
Cross-site scripting vulnerability in ADOdb versions prior to 5.20.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de Cross-site scripting en ADOdb en versiones anteriores a la 5.20.6, que permitiría a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://jvn.jp/en/jp/JVN48237713/index.html http://www.securityfocus.com/bid/92753 https://github.com/ADOdb/ADOdb/issues/274 https://security.gentoo.org/glsa/201701-59 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.1EPSS: 1%CPEs: 1EXPL: 0CVE-2006-4618
https://notcve.org/view.php?id=CVE-2006-4618
PHP remote file inclusion vulnerability in adodb-postgres7.inc.php in John Lim ADOdb, possibly 4.01 and earlier, as used in Intechnic In-link 2.3.4, allows remote attackers to execute arbitrary PHP code via a URL in the ADODB_DIR parameter. Vulnerabilidad PHP de inclusión remota de archivo en adodb-postgres7.inc.php en John Lim ADOdb, posiblemente 4.01 y anteriores, según lo usado en Intechnic In-link 2.3.4, permite a un atacante remoto ejecutar código PHP de su elección a través de una URL en el parámetro ADODB_DIR. • http://adodb.cvs.sourceforge.net/adodb/adodb_official/adodb-postgres7.inc.php?revision=1.1&view=markup http://prdownloads.sourceforge.net/adodb/adodb492.tgz?download http://securityreason.com/securityalert/1517 http://www.securityfocus.com/archive/1/445259/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/28709 •
CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 0CVE-2004-2664
https://notcve.org/view.php?id=CVE-2004-2664
John Lim ADOdb Library for PHP before 4.23 allows remote attackers to obtain sensitive information via direct requests to certain scripts that result in an undefined value of ADODB_DIR, which reveals the installation path in an error message. • http://phplens.com/lens/adodb/docs-adodb.htm#changes •