ADOdb SQL Injection Vulnerability in SQLite3 Driver

Vulnerability

A critical SQL injection vulnerability has been identified in ADOdb versions 5.22.9 and prior, specifically within the SQLite3 database driver. The issue arises from improper escaping of query parameters, which may allow an attacker to execute arbitrary SQL statements. This vulnerability is triggered when the affected code calls the metaColumns(), metaForeignKeys(), or metaIndexes() methods with a crafted table name. The vulnerability has been addressed in ADOdb version 5.22.10.

Impact

Exploitation of this vulnerability allows for arbitrary SQL execution on the connected SQLite3 database, potentially leading to unauthorized data manipulation or disclosure.

Remediation

Users can upgrade to ADOdb version 5.22.10 to address this vulnerability. For those unable to upgrade, it is advised to pass only controlled data to the table parameter of the metaColumns(), metaForeignKeys(), and metaIndexes() methods.
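
One way to apply the workaround above when upgrading is not possible, shown as an added example that is not part of the advisory or ADOdb's own code. The helper name guardedMeta(), the stand-in connection object, the 64-character limit and the sample table names are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Methods the advisory names as affected in the SQLite3 driver.
const GUARDED_METHODS = ['metaColumns', 'metaForeignKeys', 'metaIndexes'];

/**
 * Hypothetical helper: call an ADOdb meta* method only with a table name
 * that the application itself defined.
 */
function guardedMeta(object $db, string $method, string $table, array $knownTables)
{
    if (!in_array($method, GUARDED_METHODS, true)) {
        throw new InvalidArgumentException("Unexpected method: $method");
    }
    // Defence in depth: plain identifier characters only, bounded length
    // (the 64-character limit is this example's choice).
    if (preg_match('/\A[A-Za-z_][A-Za-z0-9_]{0,63}\z/', $table) !== 1) {
        throw new InvalidArgumentException('Table name is not a plain identifier');
    }
    // Strict allowlist match: no case folding, trimming or type juggling.
    if (!in_array($table, $knownTables, true)) {
        throw new InvalidArgumentException('Table name is not on the allowlist');
    }
    return $db->$method($table);
}

// Constructed stand-in for an ADOdb connection so the example runs offline.
$db = new class {
    public array $calls = [];
    public function __call(string $name, array $args)
    {
        $this->calls[] = [$name, $args[0]];
        return [];
    }
};

$knownTables = ['customers', 'orders'];                   // constructed sample schema
$inputs = ['orders', 'Orders', "orders' x", 'invoices'];  // constructed request values

foreach ($inputs as $input) {
    try {
        guardedMeta($db, 'metaColumns', $input, $knownTables);
        echo "passed to driver: $input\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ' . json_encode($input) . ' (' . $e->getMessage() . ")\n";
    }
}
```

In a real application the allowlist would come from the application's own schema definition, not from request data, and the first argument would be the ADOdb connection object.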

Added: Aug 5, 2025, 1:45 AM
Updated: Aug 5, 2025, 1:45 AM

Vulnerability Rating

Custom Algorithm
spread: 4.2
impact: 5.0
exploitability: 5.3
remediation: 7.9
relevance: 0.3
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.