Headline
CVE-2021-3850: Prevent auth bypass with PostgreSQL connections · ADOdb/ADOdb@952de6c
Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21.
Browse files
Prevent auth bypass with PostgreSQL connections
Thanks to Emmet Leahy of Sorcery Ltd for reporting this vulnerability (CVE-2021-3850).
This is a minimalistic approach to patch the issue, to reduce the risk of causing regressions in the legacy stable branch.
Fixes #793
- Loading branch information
dregad committed
Jan 16, 2022
1 parent 66fb9e5 commit 952de6c4273d9b1e91c2b838044f8c2111150c29
Related news
Ubuntu Security Notice 6825-1 - It was discovered that the PDO driver in ADOdb was incorrectly handling string quotes. A remote attacker could possibly use this issue to perform SQL injection attacks. This issue only affected Ubuntu 16.04 LTS. It was discovered that ADOdb was incorrectly handling GET parameters in test.php. A remote attacker could possibly use this issue to execute cross-site scripting attacks. This issue only affected Ubuntu 16.04 LTS.