CVE-2016-7405 - Vulnerability Details

Vendors	Products
Adodb Project	Adodb
Fedoraproject	Fedora
Php	Php

Link	Providers
http://www.openwall.com/lists/oss-security/2016/09/07/8
http://www.openwall.com/lists/oss-security/2016/09/15/1
http://www.securityfocus.com/bid/92969
https://github.com/ADOdb/ADOdb/blob/v5.20.7/docs/changelog.md
https://github.com/ADOdb/ADOdb/commit/bd9eca9f40220f9918ec3cc7ae9ef422b3e448b8
https://github.com/ADOdb/ADOdb/issues/226
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LT3WU77BRUJREZUYQ3ZQBMUIVIVIND4Y/
https://security.gentoo.org/glsa/201701-59

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-09-07T00:00:00", "descriptions": [{"lang": "en", "value": "The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-06-30T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "FEDORA-2016-c5ec2c17e6", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LT3WU77BRUJREZUYQ3ZQBMUIVIVIND4Y/"}, {"name": "[oss-security] 20160907 ADOdb PDO driver: incorrect quoting may allow SQL injection", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/09/07/8"}, {"name": "92969", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/92969"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ADOdb/ADOdb/issues/226"}, {"name": "GLSA-201701-59", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201701-59"}, {"name": "[oss-security] 20160915 Re: ADOdb PDO driver: incorrect quoting may allow SQL injection", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/09/15/1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ADOdb/ADOdb/blob/v5.20.7/docs/changelog.md"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ADOdb/ADOdb/commit/bd9eca9f40220f9918ec3cc7ae9ef422b3e448b8"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-7405", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "FEDORA-2016-c5ec2c17e6", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LT3WU77BRUJREZUYQ3ZQBMUIVIVIND4Y/"}, {"name": "[oss-security] 20160907 ADOdb PDO driver: incorrect quoting may allow SQL injection", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/09/07/8"}, {"name": "92969", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92969"}, {"name": "https://github.com/ADOdb/ADOdb/issues/226", "refsource": "CONFIRM", "url": "https://github.com/ADOdb/ADOdb/issues/226"}, {"name": "GLSA-201701-59", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-59"}, {"name": "[oss-security] 20160915 Re: ADOdb PDO driver: incorrect quoting may allow SQL injection", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/09/15/1"}, {"name": "https://github.com/ADOdb/ADOdb/blob/v5.20.7/docs/changelog.md", "refsource": "CONFIRM", "url": "https://github.com/ADOdb/ADOdb/blob/v5.20.7/docs/changelog.md"}, {"name": "https://github.com/ADOdb/ADOdb/commit/bd9eca9f40220f9918ec3cc7ae9ef422b3e448b8", "refsource": "CONFIRM", "url": "https://github.com/ADOdb/ADOdb/commit/bd9eca9f40220f9918ec3cc7ae9ef422b3e448b8"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:57:47.607Z"}, "title": "CVE Program Container", "references": [{"name": "FEDORA-2016-c5ec2c17e6", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LT3WU77BRUJREZUYQ3ZQBMUIVIVIND4Y/"}, {"name": "[oss-security] 20160907 ADOdb PDO driver: incorrect quoting may allow SQL injection", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/09/07/8"}, {"name": "92969", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/92969"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/ADOdb/ADOdb/issues/226"}, {"name": "GLSA-201701-59", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201701-59"}, {"name": "[oss-security] 20160915 Re: ADOdb PDO driver: incorrect quoting may allow SQL injection", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/09/15/1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/ADOdb/ADOdb/blob/v5.20.7/docs/changelog.md"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/ADOdb/ADOdb/commit/bd9eca9f40220f9918ec3cc7ae9ef422b3e448b8"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-7405", "datePublished": "2016-10-03T18:00:00", "dateReserved": "2016-09-09T00:00:00", "dateUpdated": "2024-08-06T01:57:47.607Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2016-09-07T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-06-30T16:57:01 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

name : FEDORA-2016-c5ec2c17e6 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LT3WU77BRUJREZUYQ3ZQBMUIVIVIND4Y/ (string)

}

1 : { »

name : [oss-security] 20160907 ADOdb PDO driver: incorrect quoting may allow SQL injection (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : http://www.openwall.com/lists/oss-security/2016/09/07/8 (string)

}

2 : { »

name : 92969 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/92969 (string)

}

3 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://github.com/ADOdb/ADOdb/issues/226 (string)

}

4 : { »

name : GLSA-201701-59 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

]

url : https://security.gentoo.org/glsa/201701-59 (string)

}

5 : { »

name : [oss-security] 20160915 Re: ADOdb PDO driver: incorrect quoting may allow SQL injection (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : http://www.openwall.com/lists/oss-security/2016/09/15/1 (string)

}

6 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://github.com/ADOdb/ADOdb/blob/v5.20.7/docs/changelog.md (string)

}

7 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://github.com/ADOdb/ADOdb/commit/bd9eca9f40220f9918ec3cc7ae9ef422b3e448b8 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2016-7405 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : FEDORA-2016-c5ec2c17e6 (string)

refsource : FEDORA (string)

url : https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LT3WU77BRUJREZUYQ3ZQBMUIVIVIND4Y/ (string)

}

1 : { »

name : [oss-security] 20160907 ADOdb PDO driver: incorrect quoting may allow SQL injection (string)

refsource : MLIST (string)

url : http://www.openwall.com/lists/oss-security/2016/09/07/8 (string)

}

2 : { »

name : 92969 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/92969 (string)

}

3 : { »

name : https://github.com/ADOdb/ADOdb/issues/226 (string)

refsource : CONFIRM (string)

url : https://github.com/ADOdb/ADOdb/issues/226 (string)

}

4 : { »

name : GLSA-201701-59 (string)

refsource : GENTOO (string)

url : https://security.gentoo.org/glsa/201701-59 (string)

}

5 : { »

name : [oss-security] 20160915 Re: ADOdb PDO driver: incorrect quoting may allow SQL injection (string)

refsource : MLIST (string)

url : http://www.openwall.com/lists/oss-security/2016/09/15/1 (string)

}

6 : { »

name : https://github.com/ADOdb/ADOdb/blob/v5.20.7/docs/changelog.md (string)

refsource : CONFIRM (string)

url : https://github.com/ADOdb/ADOdb/blob/v5.20.7/docs/changelog.md (string)

}

7 : { »

name : https://github.com/ADOdb/ADOdb/commit/bd9eca9f40220f9918ec3cc7ae9ef422b3e448b8 (string)

refsource : CONFIRM (string)

url : https://github.com/ADOdb/ADOdb/commit/bd9eca9f40220f9918ec3cc7ae9ef422b3e448b8 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T01:57:47.607Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : FEDORA-2016-c5ec2c17e6 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

2 : x_transferred (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LT3WU77BRUJREZUYQ3ZQBMUIVIVIND4Y/ (string)

}

1 : { »

name : [oss-security] 20160907 ADOdb PDO driver: incorrect quoting may allow SQL injection (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : http://www.openwall.com/lists/oss-security/2016/09/07/8 (string)

}

2 : { »

name : 92969 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/92969 (string)

}

3 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://github.com/ADOdb/ADOdb/issues/226 (string)

}

4 : { »

name : GLSA-201701-59 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

2 : x_transferred (string)

]

url : https://security.gentoo.org/glsa/201701-59 (string)

}

5 : { »

name : [oss-security] 20160915 Re: ADOdb PDO driver: incorrect quoting may allow SQL injection (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : http://www.openwall.com/lists/oss-security/2016/09/15/1 (string)

}

6 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://github.com/ADOdb/ADOdb/blob/v5.20.7/docs/changelog.md (string)

}

7 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://github.com/ADOdb/ADOdb/commit/bd9eca9f40220f9918ec3cc7ae9ef422b3e448b8 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2016-7405 (string)

datePublished : 2016-10-03T18:00:00 (string)

dateReserved : 2016-09-09T00:00:00 (string)

dateUpdated : 2024-08-06T01:57:47.607Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adodb_project:adodb:5.00:beta:*:*:*:*:*:*", "matchCriteriaId": "2ECFB1B6-732D-413A-9C17-4ACD9CBA3589", "vulnerable": true}, {"criteria": "cpe:2.3:a:adodb_project:adodb:5.01:beta:*:*:*:*:*:*", "matchCriteriaId": "88114530-BCBB-400E-843E-2F94B1CACC2C", "vulnerable": true}, {"criteria": "cpe:2.3:a:adodb_project:adodb:5.02:*:*:*:*:*:*:*", "matchCriteriaId": "77223E35-5E7E-4151-BB15-C7ADFE4B86B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:adodb_project:adodb:5.02:a:*:*:*:*:*:*", "matchCriteriaId": "7DB61C0F-1FAD-4C3B-9357-43C70A80D018", "vulnerable": true}, {"criteria": "cpe:2.3:a:adodb_project:adodb:5.03:*:*:*:*:*:*:*", "matchCriteriaId": "96AF2750-E764-4DF9-B812-E4F84C2DA273", "vulnerable": true}, {"criteria": "cpe:2.3:a:adodb_project:adodb:5.04:*:*:*:*:*:*:*", "matchCriteriaId": "09AE12CB-6E89-4382-BD15-CC87EB7E8289", "vulnerable": true}, {"criteria": "cpe:2.3:a:adodb_project:adodb:5.04:a:*:*:*:*:*:*", "matchCriteriaId": "FAE026E2-8A7C-41E6-B5BC-C41D7C19A5F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:adodb_project:adodb:5.05:*:*:*:*:*:*:*", "matchCriteriaId": "9EFEE9B0-7BBC-4029-9A8A-16D71CFEFACE", "vulnerable": true}, {"criteria": "cpe:2.3:a:adodb_project:adodb:5.06:*:*:*:*:*:*:*", "matchCriteriaId": "6212181D-E9B3-499C-854C-A82638DBFCB4", "vulnerable": true}, {"criteria": "cpe:2.3:a:adodb_project:adodb:5.06:a:*:*:*:*:*:*", "matchCriteriaId": "372CB285-FE6C-43EB-BD47-4516C3A7ED71", "vulnerable": true}, {"criteria": "cpe:2.3:a:adodb_project:adodb:5.07:*:*:*:*:*:*:*", "matchCriteriaId": "1FA2E5C8-B64F-48E5-ADCA-3C152554F60D", "vulnerable": true}, {"criteria": "cpe:2.3:a:adodb_project:adodb:5.08:*:*:*:*:*:*:*", "matchCriteriaId": "E48DFB5E-931D-426A-AF91-7ACEFC7C9FC5", "vulnerable": true}, {"criteria": "cpe:2.3:a:adodb_project:adodb:5.08:a:*:*:*:*:*:*", "matchCriteriaId": "681D942A-24A2-4A86-9200-9E9933612B9C", "vulnerable": true}, {"criteria": "cpe:2.3:a:adodb_project:adodb:5.09:*:*:*:*:*:*:*", "matchCriteriaId": "95D5E76C-7015-43E9-92E8-C39E421095DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:adodb_project:adodb:5.09:a:*:*:*:*:*:*", "matchCriteriaId": "781839DE-D14B-467B-95A4-1D516C53A650", "vulnerable": true}, {"criteria": "cpe:2.3:a:adodb_project:adodb:5.10:*:*:*:*:*:*:*", "matchCriteriaId": "1F80E2D4-7B28-4E3C-A68F-2321DEEAA225", "vulnerable": true}, {"criteria": "cpe:2.3:a:adodb_project:adodb:5.11:*:*:*:*:*:*:*", "matchCriteriaId": "5EB6CF54-9531-430D-BBBA-A61148BC2637", "vulnerable": true}, {"criteria": "cpe:2.3:a:adodb_project:adodb:5.12:*:*:*:*:*:*:*", "matchCriteriaId": "043417B3-BD61-4169-ABBA-91C6A0A831DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:adodb_project:adodb:5.13:*:*:*:*:*:*:*", "matchCriteriaId": "629829F0-10C0-4B36-8979-3EBAA80F4F57", "vulnerable": true}, {"criteria": "cpe:2.3:a:adodb_project:adodb:5.14:*:*:*:*:*:*:*", "matchCriteriaId": "710EF645-0060-43CB-9C75-1F8D074FB6DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:adodb_project:adodb:5.15:*:*:*:*:*:*:*", "matchCriteriaId": "0AAB8C30-7B19-4A9B-A067-52D72540AC3D", "vulnerable": true}, {"criteria": "cpe:2.3:a:adodb_project:adodb:5.16:*:*:*:*:*:*:*", "matchCriteriaId": "BB858175-650F-4CFB-B0F2-BE58C2FA7DD8", "vulnerable": true}, {"criteria": "cpe:2.3:a:adodb_project:adodb:5.16:a:*:*:*:*:*:*", "matchCriteriaId": "1E55E92C-301B-429F-9962-676992D0382E", "vulnerable": true}, {"criteria": "cpe:2.3:a:adodb_project:adodb:5.17:*:*:*:*:*:*:*", "matchCriteriaId": "70C32C6B-5FC3-4329-BDC3-9A16AA84E65F", "vulnerable": true}, {"criteria": "cpe:2.3:a:adodb_project:adodb:5.18:*:*:*:*:*:*:*", "matchCriteriaId": "914644A3-7D1D-412F-8972-87F73DB03F04", "vulnerable": true}, {"criteria": "cpe:2.3:a:adodb_project:adodb:5.18:a:*:*:*:*:*:*", "matchCriteriaId": "7D45DEB9-B9C4-44BB-A055-430BF1592597", "vulnerable": true}, {"criteria": "cpe:2.3:a:adodb_project:adodb:5.19:*:*:*:*:*:*:*", "matchCriteriaId": "D48D93CC-AD55-4A45-BEF0-4B51F974DD1D", "vulnerable": true}, {"criteria": "cpe:2.3:a:adodb_project:adodb:5.20.0:*:*:*:*:*:*:*", "matchCriteriaId": "055B0185-CEC1-436E-A5CB-6D81C140DDD6", "vulnerable": true}, {"criteria": "cpe:2.3:a:adodb_project:adodb:5.20.1:*:*:*:*:*:*:*", "matchCriteriaId": "AC376C69-63DD-49CF-B1ED-CB58CB9DA59C", "vulnerable": true}, {"criteria": "cpe:2.3:a:adodb_project:adodb:5.20.2:*:*:*:*:*:*:*", "matchCriteriaId": "2416EB90-A876-485E-A1B7-DD2D3B596EB8", "vulnerable": true}, {"criteria": "cpe:2.3:a:adodb_project:adodb:5.20.3:*:*:*:*:*:*:*", "matchCriteriaId": "E7B26715-C83E-4AF9-AC16-EA1CB50EF6B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:adodb_project:adodb:5.20.4:*:*:*:*:*:*:*", "matchCriteriaId": "8B7A81D1-EAF9-49D0-95B9-187222EE3C57", "vulnerable": true}, {"criteria": "cpe:2.3:a:adodb_project:adodb:5.20.5:*:*:*:*:*:*:*", "matchCriteriaId": "9E7E9704-58E3-4BD2-822D-44E0C118ABDC", "vulnerable": true}, {"criteria": "cpe:2.3:a:adodb_project:adodb:5.20.6:*:*:*:*:*:*:*", "matchCriteriaId": "F32E9FFE-99AA-41CF-A6D8-176C151779ED", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:-:*:*:*:*:*:*:*", "matchCriteriaId": "029B5A37-BA8D-4FEC-BE90-856BB9D0D0E1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*", "matchCriteriaId": "772E9557-A371-4664-AE2D-4135AAEB89AA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting."}, {"lang": "es", "value": "El m\u00e9todo qstr en el controlador PDO en el ADOdb Library para PHP en versiones anteriores a 5.x en versiones anteriores a 5.20.7 podr\u00eda permitir a atacantes llevar a cabo ataques de inyecci\u00f3n SQL a trav\u00e9s de vectores relacionados con una citaci\u00f3n incorrecta."}], "id": "CVE-2016-7405", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-10-03T18:59:14.150", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Release Notes"], "url": "http://www.openwall.com/lists/oss-security/2016/09/07/8"}, {"source": "cve@mitre.org", "tags": ["Patch", "Release Notes"], "url": "http://www.openwall.com/lists/oss-security/2016/09/15/1"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.securityfocus.com/bid/92969"}, {"source": "cve@mitre.org", "tags": ["Patch", "Release Notes", "Vendor Advisory"], "url": "https://github.com/ADOdb/ADOdb/blob/v5.20.7/docs/changelog.md"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/ADOdb/ADOdb/commit/bd9eca9f40220f9918ec3cc7ae9ef422b3e448b8"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/ADOdb/ADOdb/issues/226"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LT3WU77BRUJREZUYQ3ZQBMUIVIVIND4Y/"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201701-59"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Release Notes"], "url": "http://www.openwall.com/lists/oss-security/2016/09/07/8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Release Notes"], "url": "http://www.openwall.com/lists/oss-security/2016/09/15/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.securityfocus.com/bid/92969"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Release Notes", "Vendor Advisory"], "url": "https://github.com/ADOdb/ADOdb/blob/v5.20.7/docs/changelog.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/ADOdb/ADOdb/commit/bd9eca9f40220f9918ec3cc7ae9ef422b3e448b8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/ADOdb/ADOdb/issues/226"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LT3WU77BRUJREZUYQ3ZQBMUIVIVIND4Y/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201701-59"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:adodb_project:adodb:5.00:beta:*:*:*:*:*:* (string)

matchCriteriaId : 2ECFB1B6-732D-413A-9C17-4ACD9CBA3589 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:adodb_project:adodb:5.01:beta:*:*:*:*:*:* (string)

matchCriteriaId : 88114530-BCBB-400E-843E-2F94B1CACC2C (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:adodb_project:adodb:5.02:*:*:*:*:*:*:* (string)

matchCriteriaId : 77223E35-5E7E-4151-BB15-C7ADFE4B86B0 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:adodb_project:adodb:5.02:a:*:*:*:*:*:* (string)

matchCriteriaId : 7DB61C0F-1FAD-4C3B-9357-43C70A80D018 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:adodb_project:adodb:5.03:*:*:*:*:*:*:* (string)

matchCriteriaId : 96AF2750-E764-4DF9-B812-E4F84C2DA273 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:adodb_project:adodb:5.04:*:*:*:*:*:*:* (string)

matchCriteriaId : 09AE12CB-6E89-4382-BD15-CC87EB7E8289 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:adodb_project:adodb:5.04:a:*:*:*:*:*:* (string)

matchCriteriaId : FAE026E2-8A7C-41E6-B5BC-C41D7C19A5F5 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:adodb_project:adodb:5.05:*:*:*:*:*:*:* (string)

matchCriteriaId : 9EFEE9B0-7BBC-4029-9A8A-16D71CFEFACE (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:adodb_project:adodb:5.06:*:*:*:*:*:*:* (string)

matchCriteriaId : 6212181D-E9B3-499C-854C-A82638DBFCB4 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:adodb_project:adodb:5.06:a:*:*:*:*:*:* (string)

matchCriteriaId : 372CB285-FE6C-43EB-BD47-4516C3A7ED71 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:adodb_project:adodb:5.07:*:*:*:*:*:*:* (string)

matchCriteriaId : 1FA2E5C8-B64F-48E5-ADCA-3C152554F60D (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:adodb_project:adodb:5.08:*:*:*:*:*:*:* (string)

matchCriteriaId : E48DFB5E-931D-426A-AF91-7ACEFC7C9FC5 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:adodb_project:adodb:5.08:a:*:*:*:*:*:* (string)

matchCriteriaId : 681D942A-24A2-4A86-9200-9E9933612B9C (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:adodb_project:adodb:5.09:*:*:*:*:*:*:* (string)

matchCriteriaId : 95D5E76C-7015-43E9-92E8-C39E421095DD (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:adodb_project:adodb:5.09:a:*:*:*:*:*:* (string)

matchCriteriaId : 781839DE-D14B-467B-95A4-1D516C53A650 (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:adodb_project:adodb:5.10:*:*:*:*:*:*:* (string)

matchCriteriaId : 1F80E2D4-7B28-4E3C-A68F-2321DEEAA225 (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:adodb_project:adodb:5.11:*:*:*:*:*:*:* (string)

matchCriteriaId : 5EB6CF54-9531-430D-BBBA-A61148BC2637 (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:a:adodb_project:adodb:5.12:*:*:*:*:*:*:* (string)

matchCriteriaId : 043417B3-BD61-4169-ABBA-91C6A0A831DC (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:a:adodb_project:adodb:5.13:*:*:*:*:*:*:* (string)

matchCriteriaId : 629829F0-10C0-4B36-8979-3EBAA80F4F57 (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:a:adodb_project:adodb:5.14:*:*:*:*:*:*:* (string)

matchCriteriaId : 710EF645-0060-43CB-9C75-1F8D074FB6DC (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:a:adodb_project:adodb:5.15:*:*:*:*:*:*:* (string)

matchCriteriaId : 0AAB8C30-7B19-4A9B-A067-52D72540AC3D (string)

vulnerable : true (boolean)

}

21 : { »

criteria : cpe:2.3:a:adodb_project:adodb:5.16:*:*:*:*:*:*:* (string)

matchCriteriaId : BB858175-650F-4CFB-B0F2-BE58C2FA7DD8 (string)

vulnerable : true (boolean)

}

22 : { »

criteria : cpe:2.3:a:adodb_project:adodb:5.16:a:*:*:*:*:*:* (string)

matchCriteriaId : 1E55E92C-301B-429F-9962-676992D0382E (string)

vulnerable : true (boolean)

}

23 : { »

criteria : cpe:2.3:a:adodb_project:adodb:5.17:*:*:*:*:*:*:* (string)

matchCriteriaId : 70C32C6B-5FC3-4329-BDC3-9A16AA84E65F (string)

vulnerable : true (boolean)

}

24 : { »

criteria : cpe:2.3:a:adodb_project:adodb:5.18:*:*:*:*:*:*:* (string)

matchCriteriaId : 914644A3-7D1D-412F-8972-87F73DB03F04 (string)

vulnerable : true (boolean)

}

25 : { »

criteria : cpe:2.3:a:adodb_project:adodb:5.18:a:*:*:*:*:*:* (string)

matchCriteriaId : 7D45DEB9-B9C4-44BB-A055-430BF1592597 (string)

vulnerable : true (boolean)

}

26 : { »

criteria : cpe:2.3:a:adodb_project:adodb:5.19:*:*:*:*:*:*:* (string)

matchCriteriaId : D48D93CC-AD55-4A45-BEF0-4B51F974DD1D (string)

vulnerable : true (boolean)

}

27 : { »

criteria : cpe:2.3:a:adodb_project:adodb:5.20.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 055B0185-CEC1-436E-A5CB-6D81C140DDD6 (string)

vulnerable : true (boolean)

}

28 : { »

criteria : cpe:2.3:a:adodb_project:adodb:5.20.1:*:*:*:*:*:*:* (string)

matchCriteriaId : AC376C69-63DD-49CF-B1ED-CB58CB9DA59C (string)

vulnerable : true (boolean)

}

29 : { »

criteria : cpe:2.3:a:adodb_project:adodb:5.20.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 2416EB90-A876-485E-A1B7-DD2D3B596EB8 (string)

vulnerable : true (boolean)

}

30 : { »

criteria : cpe:2.3:a:adodb_project:adodb:5.20.3:*:*:*:*:*:*:* (string)

matchCriteriaId : E7B26715-C83E-4AF9-AC16-EA1CB50EF6B9 (string)

vulnerable : true (boolean)

}

31 : { »

criteria : cpe:2.3:a:adodb_project:adodb:5.20.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 8B7A81D1-EAF9-49D0-95B9-187222EE3C57 (string)

vulnerable : true (boolean)

}

32 : { »

criteria : cpe:2.3:a:adodb_project:adodb:5.20.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 9E7E9704-58E3-4BD2-822D-44E0C118ABDC (string)

vulnerable : true (boolean)

}

33 : { »

criteria : cpe:2.3:a:adodb_project:adodb:5.20.6:*:*:*:*:*:*:* (string)

matchCriteriaId : F32E9FFE-99AA-41CF-A6D8-176C151779ED (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:php:php:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 029B5A37-BA8D-4FEC-BE90-856BB9D0D0E1 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:* (string)

matchCriteriaId : 772E9557-A371-4664-AE2D-4135AAEB89AA (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting. (string)

}

1 : { »

lang : es (string)

value : El método qstr en el controlador PDO en el ADOdb Library para PHP en versiones anteriores a 5.x en versiones anteriores a 5.20.7 podría permitir a atacantes llevar a cabo ataques de inyección SQL a través de vectores relacionados con una citación incorrecta. (string)

}

]

id : CVE-2016-7405 (string)

lastModified : 2025-04-12T10:46:40.837 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : true (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 7.5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:L/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 9.8 (number)

baseSeverity : CRITICAL (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2016-10-03T18:59:14.150 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Patch (string)

1 : Release Notes (string)

]

url : http://www.openwall.com/lists/oss-security/2016/09/07/8 (string)

}

1 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Patch (string)

1 : Release Notes (string)

]

url : http://www.openwall.com/lists/oss-security/2016/09/15/1 (string)

}

2 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.securityfocus.com/bid/92969 (string)

}

3 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Patch (string)

1 : Release Notes (string)

2 : Vendor Advisory (string)

]

url : https://github.com/ADOdb/ADOdb/blob/v5.20.7/docs/changelog.md (string)

}

4 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : https://github.com/ADOdb/ADOdb/commit/bd9eca9f40220f9918ec3cc7ae9ef422b3e448b8 (string)

}

5 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Patch (string)

]

url : https://github.com/ADOdb/ADOdb/issues/226 (string)

}

6 : { »

source : cve@mitre.org (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LT3WU77BRUJREZUYQ3ZQBMUIVIVIND4Y/ (string)

}

7 : { »

source : cve@mitre.org (string)

url : https://security.gentoo.org/glsa/201701-59 (string)

}

8 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Release Notes (string)

]

url : http://www.openwall.com/lists/oss-security/2016/09/07/8 (string)

}

9 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Release Notes (string)

]

url : http://www.openwall.com/lists/oss-security/2016/09/15/1 (string)

}

10 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.securityfocus.com/bid/92969 (string)

}

11 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Release Notes (string)

2 : Vendor Advisory (string)

]

url : https://github.com/ADOdb/ADOdb/blob/v5.20.7/docs/changelog.md (string)

}

12 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : https://github.com/ADOdb/ADOdb/commit/bd9eca9f40220f9918ec3cc7ae9ef422b3e448b8 (string)

}

13 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://github.com/ADOdb/ADOdb/issues/226 (string)

}

14 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LT3WU77BRUJREZUYQ3ZQBMUIVIVIND4Y/ (string)

}

15 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://security.gentoo.org/glsa/201701-59 (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-89 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object