Published: 25/01/2022 Updated: 27/10/2022

CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10

CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9

VMScore: 570

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb before 5.20.21.

Vulnerable Product	Search on Vulmon	Subscribe to Product
adodb project adodb
debian debian linux 9.0

Debian Bug report logs - #1004376 libphp-adodb: CVE-2021-3850 - Authentication Bypass in PostgreSQL connections Package: src:libphp-adodb; Maintainer for src:libphp-adodb is Cameron Dale <camrdale@gmailcom>; Reported by: Neil Williams <codehelp@debianorg> Date: Wed, 26 Jan 2022 08:45:02 UTC Severity: grave Tags: se ...

Emmet Leahy reported that libphp-adodb, a PHP database abstraction layer library, allows to inject values into a PostgreSQL connection string Depending on how the library is used this flaw can result in authentication bypass, reveal a server IP address or have other unspecified impact For the oldstable distribution (buster), this problem has been ...

CWE-287 https://github.com/adodb/adodb/commit/952de6c4273d9b1e91c2b838044f8c2111150c29 https://huntr.dev/bounties/bdf5f216-4499-4225-a737-b28bc6f5801c https://lists.debian.org/debian-lts-announce/2022/02/msg00006.html https://www.debian.org/security/2022/dsa-5101 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004376 https://nvd.nist.gov https://www.debian.org/security/2022/dsa-5101

CVE-2021-3850

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect