Ubuntu Local Security Checks : Ubuntu: Security Advisory (USN-6825-1)

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.1.12.2024.6825.1

Category: Ubuntu Local Security Checks

Title: Ubuntu: Security Advisory (USN-6825-1)

Summary: The remote host is missing an update for the 'libphp-adodb' package(s) announced via the USN-6825-1 advisory.

Description: Summary:
The remote host is missing an update for the 'libphp-adodb' package(s) announced via the USN-6825-1 advisory.

Vulnerability Insight:
It was discovered that the PDO driver in ADOdb was incorrectly handling
string quotes. A remote attacker could possibly use this issue to
perform SQL injection attacks. This issue only affected Ubuntu 16.04 LTS.
(CVE-2016-7405)

It was discovered that ADOdb was incorrectly handling GET parameters in
test.php. A remote attacker could possibly use this issue to execute
cross-site scripting (XSS) attacks. This issue only affected Ubuntu
16.04 LTS. (CVE-2016-4855)

Emmet Leahy discovered that ADOdb was incorrectly handling string quotes
in PostgreSQL connections. A remote attacker could possibly use this issue
to bypass authentication. (CVE-2021-3850)

Affected Software/OS:
'libphp-adodb' package(s) on Ubuntu 16.04, Ubuntu 18.04, Ubuntu 20.04, Ubuntu 22.04.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2016-4855
BugTraq ID: 92753
http://www.securityfocus.com/bid/92753
https://security.gentoo.org/glsa/201701-59
http://jvn.jp/en/jp/JVN48237713/index.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-7405
BugTraq ID: 92969
http://www.securityfocus.com/bid/92969
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LT3WU77BRUJREZUYQ3ZQBMUIVIVIND4Y/
http://www.openwall.com/lists/oss-security/2016/09/07/8
http://www.openwall.com/lists/oss-security/2016/09/15/1
Common Vulnerability Exposure (CVE) ID: CVE-2021-3850
https://huntr.dev/bounties/bdf5f216-4499-4225-a737-b28bc6f5801c
Debian Security Information: DSA-5101 (Google Search)
https://www.debian.org/security/2022/dsa-5101
https://github.com/adodb/adodb/commit/952de6c4273d9b1e91c2b838044f8c2111150c29
https://lists.debian.org/debian-lts-announce/2022/02/msg00006.html

Copyright Copyright (C) 2024 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.1.12.2024.6825.1
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-6825-1)
Summary:	The remote host is missing an update for the 'libphp-adodb' package(s) announced via the USN-6825-1 advisory.
Description:	Summary: The remote host is missing an update for the 'libphp-adodb' package(s) announced via the USN-6825-1 advisory. Vulnerability Insight: It was discovered that the PDO driver in ADOdb was incorrectly handling string quotes. A remote attacker could possibly use this issue to perform SQL injection attacks. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-7405) It was discovered that ADOdb was incorrectly handling GET parameters in test.php. A remote attacker could possibly use this issue to execute cross-site scripting (XSS) attacks. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-4855) Emmet Leahy discovered that ADOdb was incorrectly handling string quotes in PostgreSQL connections. A remote attacker could possibly use this issue to bypass authentication. (CVE-2021-3850) Affected Software/OS: 'libphp-adodb' package(s) on Ubuntu 16.04, Ubuntu 18.04, Ubuntu 20.04, Ubuntu 22.04. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-4855 BugTraq ID: 92753 http://www.securityfocus.com/bid/92753 https://security.gentoo.org/glsa/201701-59 http://jvn.jp/en/jp/JVN48237713/index.html Common Vulnerability Exposure (CVE) ID: CVE-2016-7405 BugTraq ID: 92969 http://www.securityfocus.com/bid/92969 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LT3WU77BRUJREZUYQ3ZQBMUIVIVIND4Y/ http://www.openwall.com/lists/oss-security/2016/09/07/8 http://www.openwall.com/lists/oss-security/2016/09/15/1 Common Vulnerability Exposure (CVE) ID: CVE-2021-3850 https://huntr.dev/bounties/bdf5f216-4499-4225-a737-b28bc6f5801c Debian Security Information: DSA-5101 (Google Search) https://www.debian.org/security/2022/dsa-5101 https://github.com/adodb/adodb/commit/952de6c4273d9b1e91c2b838044f8c2111150c29 https://lists.debian.org/debian-lts-announce/2022/02/msg00006.html
Copyright	Copyright (C) 2024 Greenbone AG