3 results (0.002 seconds)

CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 1

Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21. Una Omisión de Autenticación por Debilidad Primaria en el repositorio de GitHub adodb/adodb versiones anteriores a 5.20.21 • https://github.com/adodb/adodb/commit/952de6c4273d9b1e91c2b838044f8c2111150c29 https://huntr.dev/bounties/bdf5f216-4499-4225-a737-b28bc6f5801c https://lists.debian.org/debian-lts-announce/2022/02/msg00006.html https://www.debian.org/security/2022/dsa-5101 • CWE-287: Improper Authentication CWE-305: Authentication Bypass by Primary Weakness •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting vulnerability in ADOdb versions prior to 5.20.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de Cross-site scripting en ADOdb en versiones anteriores a la 5.20.6, que permitiría a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://jvn.jp/en/jp/JVN48237713/index.html http://www.securityfocus.com/bid/92753 https://github.com/ADOdb/ADOdb/issues/274 https://security.gentoo.org/glsa/201701-59 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 25%CPEs: 4EXPL: 1

Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via (1) the next_page parameter in adodb-pager.inc.php and (2) other unspecified vectors related to PHP_SELF. • https://www.exploit-db.com/exploits/43832 http://phpesp.cvs.sourceforge.net/phpesp/phpESP/admin/include/lib/adodb/adodb-pager.inc.php?r1=1.1&r2=1.2 http://secunia.com/advisories/18928 http://secunia.com/advisories/19555 http://secunia.com/advisories/19590 http://secunia.com/advisories/19591 http://secunia.com/advisories/19691 http://securityreason.com/securityalert/452 http://sourceforge.net/project/shownotes.php?release_id=419843&group_id=8956 http://www.debian.org/security& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •