<?xml version="1.0" encoding="utf-8"?>
<glsa id="200602-02">
<title>ADOdb: PostgreSQL command injection</title>
ADOdb is vulnerable to SQL injections if used in conjunction with a
PostgreSQL database.
<product type="ebuild">ADOdb</product>
<announced>February 06, 2006</announced>
<revised>February 06, 2006: 01</revised>
<package name="dev-php/adodb" auto="yes" arch="*">
<unaffected range="ge">4.71</unaffected>
<vulnerable range="lt">4.71</vulnerable>
ADOdb is an abstraction library for PHP creating a common API for
a wide range of database backends.
Andy Staudacher discovered that ADOdb does not properly sanitize
all parameters.
<impact type="normal">
By sending specially crafted requests to an application that
uses ADOdb and a PostgreSQL backend, an attacker might exploit the flaw
to execute arbitrary SQL queries on the host.
There is no known workaround at this time.
All ADOdb users should upgrade to the latest version:
<code>
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=dev-php/adodb-4.71&quot;</code>
<uri link="">CVE-2006-0410</uri>
<metadata tag="bugReady" timestamp="Sat, 04 Feb 2006 17:34:56 +0000">
<metadata tag="submitter" timestamp="Mon, 06 Feb 2006 08:23:05 +0000">