| Package | libphp-adodb |
|---|---|
| Version | 5.20.9-1+deb9u3 (stretch), 5.20.14-1+deb10u3 (buster) |
| Related CVEs | CVE-2025-54119 |
Improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements (SQL injection) when the code using ADOdb connects to a sqlite3 or sqlite database and calls the metaColumns(), metaForeignKeys() or metaIndexes() methods with a crafted table name.
For Debian 10 buster, these problems have been fixed in version 5.20.14-1+deb10u3.
For Debian 9 stretch, these problems have been fixed in version 5.20.9-1+deb9u3.
We recommend that you upgrade your libphp-adodb packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.