CVE-2025-54119 - Critical Severity Vulnerability
Vulnerable Library - adodb/adodb-php-v5.22.7
ADOdb is a PHP database abstraction layer library
Library home page: https://api.github.com/repos/ADOdb/ADOdb/zipball/e7150539d5707ae556172532e2b25ac4e88cb2a6
Dependency Hierarchy:
- ❌ adodb/adodb-php-v5.22.7 (Vulnerable Library)
Found in base branch: master
Vulnerability Details
ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. In versions 5.22.9 and below, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a sqlite3 database and calls the metaColumns(), metaForeignKeys() or metaIndexes() methods with a crafted table name. This is fixed in version 5.22.10. To workaround this issue, only pass controlled data to metaColumns(), metaForeignKeys() and metaIndexes() method's $table parameter.
Publish Date: 2025-08-05
URL: CVE-2025-54119
CVSS 3 Score Details (10.0)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: Low
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: GHSA-vf2r-cxg9-p7rf
Release Date: 2025-08-05
Fix Resolution: https://github.com/ADOdb/ADOdb.git - v5.22.10
Step up your Open Source Security Game with Mend here
CVE-2025-54119 - Critical Severity Vulnerability
ADOdb is a PHP database abstraction layer library
Library home page: https://api.github.com/repos/ADOdb/ADOdb/zipball/e7150539d5707ae556172532e2b25ac4e88cb2a6
Dependency Hierarchy:
Found in base branch: master
ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. In versions 5.22.9 and below, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a sqlite3 database and calls the metaColumns(), metaForeignKeys() or metaIndexes() methods with a crafted table name. This is fixed in version 5.22.10. To workaround this issue, only pass controlled data to metaColumns(), metaForeignKeys() and metaIndexes() method's $table parameter.
Publish Date: 2025-08-05
URL: CVE-2025-54119
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: Low
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: GHSA-vf2r-cxg9-p7rf
Release Date: 2025-08-05
Fix Resolution: https://github.com/ADOdb/ADOdb.git - v5.22.10
Step up your Open Source Security Game with Mend here