Home > Vulnerability Database > WS-2018-0066

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

WS-2018-0066

Good to know:

Date: April 30, 2018

Potential SQL injection vector in ADOdb

Language: PHP

Severity Score

8.6

Related Resources (4)

Url: https://github.com/FriendsOfPHP/security-advisories/commit/3a14c1fff3e51a94440650f6faea6876f7cfd141

Url: https://github.com/ADOdb/ADOdb/commit/d29c23f2264ec95c6d3851e0f51ce240b2f36b74

Url: https://github.com/ADOdb/ADOdb/pull/401

Url: https://www.mend.io/vulnerability-database/WS-2018-0066

Severity Score

8.6

Weakness Type (CWE)

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-74

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-89

Top Fix

Upgrade Version

Upgrade to version typo3/cms - 6.2.28;typo3/cms - 7.6.21;typo3/cms - 8.3.0;typo3/cms - 7.6.26;typo3/cms - 8.0.0;typo3/cms - 7.6.23;typo3/cms - TYPO3_7-6-20;typo3/cms - 7.6.24;typo3/cms - 7.6.31;typo3/cms - 7.6.19;typo3/cms - 8.4.0;typo3/cms - 7.6.13;typo3/cms - 7.6.30;typo3/cms - 6.2.19;typo3/cms - 7.6.28;typo3/cms - TYPO3_6-2-1;typo3/cms - 7.6.27;typo3/cms - 6.2.13;typo3/cms - 7.0.2;typo3/cms - 6.2.16;typo3/cms - 7.6.22;typo3/cms - 7.6.25;typo3/cms - 7.6.11;typo3/cms - 7.2.0;typo3/cms - 6.2.10-rc1;typo3/cms - 6.2.24;typo3/cms - 6.2.8;typo3/cms - 7.6.32;typo3/cms - TYPO3_8-4-0;typo3/cms - 7.6.29;typo3/cms - 7.6.16;moodle/moodle - v3.4.5;moodle/moodle - v3.8.0-beta;moodle/moodle - dev-MOODLE_38_STABLE;moodle/moodle - v3.7.0-rc2;moodle/moodle - v3.7.8;moodle/moodle - v3.5.2;moodle/moodle - v3.6.5;moodle/moodle - v3.7.1;moodle/moodle - v3.3.8;moodle/moodle - v3.5.7;moodle/moodle - v3.1.14;moodle/moodle - v3.6.0-beta;acosf/archersys - 4.0.2;acosf/archersys - no_fix;acosf/archersys - 3.5;my-oos/my-oos - v2.0.107;corepos/common-bundle - no_fix;corepos/common-bundle - 2.0.0;felixarenas/adodbconect - v0.2.4;instituteweb/typo3-cms - 8.4.0;instituteweb/typo3-cms - dev-TYPO3_8;covex-nn/moodle - v2.8.0.0;covex-nn/moodle - v2.9.1.0;yetiforce/yetiforce-crm - dev-dependabot/composer/developer/composer/ca-bundle-1.5.0;yetiforce/yetiforce-crm - dev-dependabot/composer/developer/composer/ca-bundle-1.2.10;yetiforce/yetiforce-crm - dev-dependabot/composer/developer/parsecsv/php-parsecsv-1.3.0;yetiforce/yetiforce-crm - dev-dependabot/add-v2-config-file;yetiforce/yetiforce-crm - dev-dependabot/composer/developer/adhocore/jwt-1.1.1;friendsoftypo3/adodb - no_fix;javanile/vtiger-core - 7.5.0;adodb/adodb-php - dev-hotfix/5.20;adodb/adodb-php - v5.20.11

Learn More

CVSS v3.1

Base Score:	8.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

WS-2018-0066

Good to know:

Date: April 30, 2018

Language: PHP

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?