{"id":9705,"date":"2025-08-04T20:52:26","date_gmt":"2025-08-04T20:52:26","guid":{"rendered":"http:\/\/localhost\/?p=9705"},"modified":"2025-08-04T20:52:26","modified_gmt":"2025-08-04T20:52:26","slug":"adodbs-sqlite3-driver-allows-sql-injection","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=9705","title":{"rendered":"ADOdb’s sqlite3 driver allows SQL injection"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\nADOdb’s sqlite3 driver allows SQL injection<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-08-05T00:12:52.505Z<\/td>\n<\/tr>\n
Modified<\/th>\n2025-08-05T00:12:52.505Z<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\nADOdb<\/td>\n<\/tr>\n
Product<\/th>\nADOdb<\/td>\n<\/tr>\n
Version<\/th>\n< 5.22.10<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n
Base Score<\/th>\n10.0 (CRITICAL)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:L<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nADOdb versions before 5.22.10 have a SQL injection vulnerability in the sqlite3 driver. This occurs when metaColumns(), metaForeignKeys(), or metaIndexes() methods are called with uncontrolled data, allowing attackers to execute arbitrary SQL. The issue is fixed in version 5.22.10.<\/td>\n<\/tr>\n
AI Severity<\/th>\nCritical<\/td>\n<\/tr>\n
AI Vendor<\/th>\nADOdb<\/td>\n<\/tr>\n
AI Product<\/th>\nADOdb<\/td>\n<\/tr>\n
AI Version<\/th>\n<5.22.10<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n