CVE-2016-7405
Published: 3 October 2016
The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.
Priority
Status
Package | Release | Status |
---|---|---|
libphp-adodb Launchpad, Ubuntu, Debian | trusty | Does not exist (trusty was released [5.15-1+deb7u1build0.14.04.1]) |
libphp-adodb | impish | Not vulnerable |
libphp-adodb | groovy | Not vulnerable |
libphp-adodb | jammy | Not vulnerable |
libphp-adodb | hirsute | Not vulnerable |
libphp-adodb | xenial | Needed |
libphp-adodb | precise | Ignored (end of life) |
libphp-adodb | kinetic | Not vulnerable |
libphp-adodb | lunar | Not vulnerable |
libphp-adodb | artful | Ignored (end of life) |
libphp-adodb | bionic | Not vulnerable |
libphp-adodb | cosmic | Not vulnerable |
libphp-adodb | disco | Not vulnerable |
libphp-adodb | eoan | Not vulnerable |
libphp-adodb | focal | Not vulnerable |
libphp-adodb | upstream | Released (5.20.6-1) |
libphp-adodb | yakkety | Ignored (end of life) |
libphp-adodb | zesty | Ignored (end of life) |
libphp-adodb | mantic | Not vulnerable |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 9.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |