Debian: Security Advisory for libphp-adodb (DSA-5101-1)

Information

Severity

Severity

Medium

Family

Family

Debian Local Security Checks

CVSSv2 Base

CVSSv2 Base

6.4

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Solution Type

Solution Type

Vendor Patch

Created

Created

2 months ago

Modified

Modified

2 months ago

Summary

The remote host is missing an update for the 'libphp-adodb' package(s) announced via the DSA-5101-1 advisory.

Insight

Insight

Emmet Leahy reported that libphp-adodb, a PHP database abstraction layer library, allows to inject values into a PostgreSQL connection string. Depending on how the library is used this flaw can result in authentication bypass, reveal a server IP address or have other unspecified impact.

Affected Software

Affected Software

'libphp-adodb' package(s) on Debian Linux.

Detection Method

Detection Method

Checks if a vulnerable package version is present on the target host.

Solution

Solution

For the oldstable distribution (buster), this problem has been fixed in version 5.20.14-1+deb10u1. For the stable distribution (bullseye), this problem has been fixed in version 5.20.19-1+deb11u1. We recommend that you upgrade your libphp-adodb packages.

Common Vulnerabilities and Exposures (CVE)

Download Mageni to scan and fix this vulnerability. It is free and easy.

Processing. Please wait...

Free for 7-days then $4 USD monthly regardless of how many IPs, scans, users, or deployments you have. No Contracts, Cancel at Anytime and 7-days Money-Back Guarantee.