CVE-2016-7405 — CRITICAL (9.8)

Vulnerability Description

The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Adodb Project	Adodb	5.00
Php	Php	-
Fedoraproject	Fedora	25

Related Weaknesses (CWE)

CWE-89

References

http://www.openwall.com/lists/oss-security/2016/09/07/8PatchRelease Notes
http://www.openwall.com/lists/oss-security/2016/09/15/1PatchRelease Notes
http://www.securityfocus.com/bid/92969Third Party Advisory
https://github.com/ADOdb/ADOdb/blob/v5.20.7/docs/changelog.mdPatchRelease NotesVendor Advisory
https://github.com/ADOdb/ADOdb/commit/bd9eca9f40220f9918ec3cc7ae9ef422b3e448b8PatchVendor Advisory
https://github.com/ADOdb/ADOdb/issues/226Patch
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://security.gentoo.org/glsa/201701-59
http://www.openwall.com/lists/oss-security/2016/09/07/8PatchRelease Notes
http://www.openwall.com/lists/oss-security/2016/09/15/1PatchRelease Notes
http://www.securityfocus.com/bid/92969Third Party Advisory
https://github.com/ADOdb/ADOdb/blob/v5.20.7/docs/changelog.mdPatchRelease NotesVendor Advisory
https://github.com/ADOdb/ADOdb/commit/bd9eca9f40220f9918ec3cc7ae9ef422b3e448b8PatchVendor Advisory
https://github.com/ADOdb/ADOdb/issues/226Patch
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro

FAQ

What is CVE-2016-7405?

CVE-2016-7405 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.

How severe is CVE-2016-7405?

CVE-2016-7405 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2016-7405?

Check the references section above for vendor advisories and patch information. Affected products include: Adodb Project Adodb, Php Php, Fedoraproject Fedora.