GLSA Advocate
Posted: Mon Feb 06, 2006 7:26 pm Post subject: [ GLSA 200602-02 ] ADOdb: PostgreSQL command injection
Gentoo Linux Security Advisory
Title: ADOdb: PostgreSQL command injection (GLSA 200602-02)
Severity: normal
Exploitable: remote
Date: February 06, 2006
Bug(s): #120215
ID: 200602-02
Synopsis
ADOdb is vulnerable to SQL injections if used in conjunction with a
PostgreSQL database.
Background
ADOdb is an abstraction library for PHP creating a common API for
a wide range of database backends.
Affected Packages
Package: dev-php/adodb
Vulnerable: < 4.71
Unaffected: >= 4.71
Architectures: All supported architectures
Description
Andy Staudacher discovered that ADOdb does not properly sanitize
all parameters.
Impact
By sending specially crafted requests to an application that
uses ADOdb and a PostgreSQL backend, an attacker might exploit the flaw
to execute arbitrary SQL queries on the host.
Workaround
There is no known workaround at this time.
Resolution
All ADOdb users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-php/adodb-4.71"
References
CVE-2006-0410
Last edited by GLSA on Thu Jan 29, 2015 4:21 am; edited 3 times in total