Candidate: CVE-2016-7405
PublicDate: 2016-10-03 18:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7405
 https://github.com/ADOdb/ADOdb/issues/226
 https://github.com/ADOdb/ADOdb/commit/bd9eca9
 http://www.openwall.com/lists/oss-security/2016/09/07/8
Description:
 The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x
 before 5.20.7 might allow remote attackers to conduct SQL injection attacks
 via vectors related to incorrect quoting.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837211
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_libphp-adodb:
upstream_libphp-adodb: released (5.20.6-1)
precise_libphp-adodb: ignored (reached end-of-life)
precise/esm_libphp-adodb: DNE (precise was needed)
trusty_libphp-adodb: ignored (reached end-of-life)
trusty/esm_libphp-adodb: DNE (trusty was released [5.15-1+deb7u1build0.14.04.1])
vivid/stable-phone-overlay_libphp-adodb: DNE
vivid/ubuntu-core_libphp-adodb: DNE
xenial_libphp-adodb: ignored (end of standard support, was needed)
yakkety_libphp-adodb: ignored (reached end-of-life)
zesty_libphp-adodb: ignored (reached end-of-life)
artful_libphp-adodb: ignored (reached end-of-life)
bionic_libphp-adodb: not-affected
cosmic_libphp-adodb: not-affected
disco_libphp-adodb: not-affected
eoan_libphp-adodb: not-affected
focal_libphp-adodb: not-affected
groovy_libphp-adodb: not-affected
hirsute_libphp-adodb: not-affected
impish_libphp-adodb: not-affected
jammy_libphp-adodb: not-affected
devel_libphp-adodb: not-affected