Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-3850: Prevent auth bypass with PostgreSQL connections · ADOdb/ADOdb@952de6c

Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21.

CVE
#sql#vulnerability#git#auth#postgres

Browse files

Prevent auth bypass with PostgreSQL connections

Thanks to Emmet Leahy of Sorcery Ltd for reporting this vulnerability (CVE-2021-3850).

This is a minimalistic approach to patch the issue, to reduce the risk of causing regressions in the legacy stable branch.

Fixes #793

  • Loading branch information

dregad committed

Jan 16, 2022

1 parent 66fb9e5 commit 952de6c4273d9b1e91c2b838044f8c2111150c29

Related news

Ubuntu Security Notice USN-6825-1

Ubuntu Security Notice 6825-1 - It was discovered that the PDO driver in ADOdb was incorrectly handling string quotes. A remote attacker could possibly use this issue to perform SQL injection attacks. This issue only affected Ubuntu 16.04 LTS. It was discovered that ADOdb was incorrectly handling GET parameters in test.php. A remote attacker could possibly use this issue to execute cross-site scripting attacks. This issue only affected Ubuntu 16.04 LTS.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907