CVE-2025-46337 (Critical) detected in adodb/adodb-php-v5.22.7

[mend-bolt-for-github]

CVE-2025-46337 - Critical Severity Vulnerability

Vulnerable Library - adodb/adodb-php-v5.22.7

ADOdb is a PHP database abstraction layer library

Library home page: https://api.github.com/repos/ADOdb/ADOdb/zipball/e7150539d5707ae556172532e2b25ac4e88cb2a6

Dependency Hierarchy:

• ❌ adodb/adodb-php-v5.22.7 (Vulnerable Library)

Found in base branch: master

Vulnerability Details

ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. Prior to version 5.22.9, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and calls pg_insert_id() with user-supplied data. This issue has been patched in version 5.22.9.

Publish Date: 2025-05-01

URL: CVE-2025-46337

CVSS 3 Score Details (10.0)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Changed
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2025-05-01

Fix Resolution: adodb/adodb-php - v5.22.9

---

Step up your Open Source Security Game with Mend here