CVE-2025-54119 Information

Aug 06, 2025 cve

Description

ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. In versions 5.22.9 and below improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a sqlite3 database and calls the metaColumns() metaForeignKeys() or metaIndexes() methods with a crafted table name. This is fixed in version 5.22.10. To workaround this issue only pass controlled data to metaColumns() metaForeignKeys() and metaIndexes() method’s $table parameter.

Reference

https://github.com/ADOdb/ADOdb/commit/5b8bd52cdcffefb4ecded1b399c98cfa516afe03 https://github.com/ADOdb/ADOdb/issues/1083 https://github.com/ADOdb/ADOdb/security/advisories/GHSA-vf2r-cxg9-p7rf

CNNVD-202508-281 (Published: 2025-08-05)

Share on:

CVE-2025-54119 Information

Description

Reference

Related CNNVD