SQL Injection Affecting adodb/adodb-php package, versions <5.20.12
Snyk CVSS
- Attack Complexity: Low
- User Interaction: Required
- Snyk ID SNYK-PHP-ADODBADODBPHP-72140
- published 30 Apr 2018
- disclosed 30 Apr 2018
- credit Unknown
How to fix?
Upgrade adodb/adodb-php to version 5.20.12 or higher.
Overview
adodb/adodb-php is a PHP database abstraction layer library.
Affected versions of this package are vulnerable to SQL injection. The SelectLimit function has a potential SQL injection exploit through its nrows and offset parameters, which are not forced to integers.
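A caller-side check for the nrows and offset values described above, as an added example that is not code from the advisory or from the ADOdb project. The helper names strict_limit_int and select_limit_checked are hypothetical, and $db is assumed to be an ADOdb connection object; upgrading remains the fix.

```php
<?php
declare(strict_types=1);

/**
 * Return $value as an int, or throw. -1 is accepted because ADOdb uses it
 * as the default "no limit" / "no offset" value for SelectLimit.
 */
function strict_limit_int($value, string $name): int
{
    // Only ints and strings are candidates; arrays, floats, bools, null are refused.
    if (!is_int($value) && !is_string($value)) {
        throw new InvalidArgumentException("$name must be an integer");
    }
    $int = filter_var($value, FILTER_VALIDATE_INT, ['options' => ['min_range' => -1]]);
    if ($int === false) {
        throw new InvalidArgumentException("$name must be an integer >= -1");
    }
    return $int;
}

/** Hypothetical wrapper: validate both values, then call ADOdb's SelectLimit. */
function select_limit_checked($db, string $sql, $nrows, $offset = -1, $inputarr = false)
{
    return $db->SelectLimit(
        $sql,
        strict_limit_int($nrows, 'nrows'),
        strict_limit_int($offset, 'offset'),
        $inputarr
    );
}

// Constructed sample values, as they might arrive from request parameters.
// This loop exercises only the validation and needs no database.
foreach ([10, '25', '-1', '10abc', '1.5', '', null] as $candidate) {
    $shown = var_export($candidate, true);
    try {
        printf("%-8s accepted as %d\n", $shown, strict_limit_int($candidate, 'nrows'));
    } catch (InvalidArgumentException $e) {
        printf("%-8s rejected: %s\n", $shown, $e->getMessage());
    }
}
```

Rejecting malformed values, instead of silently casting them with (int), also surfaces unexpected input in application logs.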