CVE-2016-7405: SQL Injection

October 3, 2016 (updated July 1, 2017)

The qstr method in the PDO driver in the ADOdb Library for PHP might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.

References

github.com/ADOdb/ADOdb/blob/v5.20.7/docs/changelog.md
github.com/ADOdb/ADOdb/commit/bd9eca9f40220f9918ec3cc7ae9ef422b3e448b8
nvd.nist.gov/vuln/detail/CVE-2016-7405

Code Behaviors & Features

Detect and mitigate CVE-2016-7405 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →