Source: libphp-adodb
Version: 5.22.8-0.1
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/ADOdb/ADOdb/issues/1070
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for libphp-adodb.

CVE-2025-46337[0]:
| ADOdb is a PHP database class library that provides abstractions for
| performing queries and managing databases. Prior to version 5.22.9,
| improper escaping of a query parameter may allow an attacker to
| execute arbitrary SQL statements when the code using ADOdb connects
| to a PostgreSQL database and calls pg_insert_id() with user-supplied
| data. This issue has been patched in version 5.22.9.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-46337
    https://www.cve.org/CVERecord?id=CVE-2025-46337
[1] https://github.com/ADOdb/ADOdb/issues/1070
[2] https://github.com/ADOdb/ADOdb/security/advisories/GHSA-8x27-jwjr-8545
[3] https://github.com/ADOdb/ADOdb/commit/11107d6d6e5160b62e05dff8a3a2678cf0e3a426

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
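A caller-side guard for the condition the CVE text describes (pg_insert_id() reached with user-supplied data), as an added example that is not part of this report and not ADOdb code. It assumes pg_insert_id() is called with a table name and a field name; the allowlist, function names and the stand-in connection object are hypothetical, and the request keys in the loop are constructed sample input.

```php
<?php
// Added example, not ADOdb code. Assumption: pg_insert_id($table, $field) is the
// call shape. The allowlist and all helper names below are hypothetical.
declare(strict_types=1);

// Request-facing keys map to fixed (table, field) pairs; user input never
// becomes part of an identifier.
const INSERT_ID_TARGETS = [
    'order'   => ['orders', 'id'],
    'invoice' => ['invoices', 'invoice_id'],
];

function assertPgIdentifier(string $name): string
{
    // Plain unquoted identifier, at most 63 bytes (PostgreSQL's default limit).
    if (!preg_match('/\A[A-Za-z_][A-Za-z0-9_]{0,62}\z/', $name)) {
        throw new InvalidArgumentException('not a plain identifier');
    }
    return $name;
}

function guardedInsertId(object $db, string $requestKey): mixed
{
    if (!array_key_exists($requestKey, INSERT_ID_TARGETS)) {
        throw new InvalidArgumentException('unknown insert-id target');
    }
    // Re-check the allowlist values too, so a careless edit to the map fails closed.
    [$table, $field] = array_map('assertPgIdentifier', INSERT_ID_TARGETS[$requestKey]);
    return $db->pg_insert_id($table, $field);
}

// Stand-in for an ADOdb PostgreSQL connection so the example runs offline.
$db = new class {
    public function pg_insert_id(string $table, string $field): string
    {
        return "called with {$table}, {$field}";
    }
};

foreach (['order', 'invoice', 'orders; --', ''] as $key) { // constructed inputs
    try {
        echo var_export($key, true), ' => ', guardedInsertId($db, $key), "\n";
    } catch (InvalidArgumentException $e) {
        echo var_export($key, true), ' => rejected: ', $e->getMessage(), "\n";
    }
}
```

This narrows exposure in calling code only; the fix named in the report is the upgrade to 5.22.9.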