Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200602-02] ADOdb: PostgresSQL command injection Vulnerability Scan
Vulnerability Scan Summary
ADOdb: PostgresSQL command injection
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200602-02
(ADOdb: PostgresSQL command injection)
Andy Staudacher discovered that ADOdb does not properly sanitize
By sending specifically crafted requests to an application that
uses ADOdb and a PostgreSQL backend, a possible hacker might exploit the flaw
to execute arbitrary SQL queries on the host.
There is no known workaround at this time.
All ADOdb users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-php/adodb-4.71"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.