CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 1CVE-2021-3850 – Authentication Bypass by Primary Weakness in adodb/adodb
https://notcve.org/view.php?id=CVE-2021-3850
25 Jan 2022 — Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21. Una Omisión de Autenticación por Debilidad Primaria en el repositorio de GitHub adodb/adodb versiones anteriores a 5.20.21 It was discovered that the PDO driver in ADOdb was incorrectly handling string quotes. A remote attacker could possibly use this issue to perform SQL injection attacks. This issue only affected Ubuntu 16.04 LTS. It was discovered that ADOdb was incorrectly handling GET parameters in test.php. • https://github.com/adodb/adodb/commit/952de6c4273d9b1e91c2b838044f8c2111150c29 • CWE-287: Improper Authentication CWE-305: Authentication Bypass by Primary Weakness •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4855 – Ubuntu Security Notice USN-6825-1
https://notcve.org/view.php?id=CVE-2016-4855
24 Jan 2017 — Cross-site scripting vulnerability in ADOdb versions prior to 5.20.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de Cross-site scripting en ADOdb en versiones anteriores a la 5.20.6, que permitiría a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. It was discovered that the PDO driver in ADOdb was incorrectly handling string quotes. A remote attacker could possibly use this issue to perform SQL inj... • http://jvn.jp/en/jp/JVN48237713/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 14%CPEs: 4EXPL: 1CVE-2006-0806 – ADOdb < 4.71 - Cross Site Scripting
https://notcve.org/view.php?id=CVE-2006-0806
21 Feb 2006 — Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via (1) the next_page parameter in adodb-pager.inc.php and (2) other unspecified vectors related to PHP_SELF. • https://www.exploit-db.com/exploits/43832 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 0CVE-2006-0410
https://notcve.org/view.php?id=CVE-2006-0410
25 Jan 2006 — SQL injection vulnerability in ADOdb before 4.71, when using PostgreSQL, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors involving binary strings. Vulnerabilidad de inyección de SQL en ADOdb anteriores a 4.71, cuando se usa PostgreSQL, permite a atacantes ejecutar órdenes SQL de su elección mediante vectores de ataque no especificados implicando cadenas binarias. • http://secunia.com/advisories/18575 •
CVSS: 9.8EPSS: 8%CPEs: 8EXPL: 6CVE-2006-0146 – Simplog 0.9.2 - 's' Remote Command Execution
https://notcve.org/view.php?id=CVE-2006-0146
09 Jan 2006 — The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter. • https://www.exploit-db.com/exploits/1663 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 21%CPEs: 7EXPL: 5CVE-2006-0147 – Simplog 0.9.2 - 's' Remote Command Execution
https://notcve.org/view.php?id=CVE-2006-0147
09 Jan 2006 — Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo. • https://www.exploit-db.com/exploits/1663 •