=====================================================================
CERT-Renater Information Note No. 2025/VULN271
_____________________________________________________________________
DATE                 : 02/05/2025
HARDWARE PLATFORM(S) : /
OPERATING SYSTEM(S)  : Systems running adodb-php (Composer) versions prior to 5.22.9.
=====================================================================
https://github.com/ADOdb/ADOdb/security/advisories/GHSA-8x27-jwjr-8545
_____________________________________________________________________

SQL injection in ADOdb PostgreSQL driver pg_insert_id() method
Severity: Critical
dregad published GHSA-8x27-jwjr-8545 on May 1, 2025

Package           : adodb/adodb-php (Composer)
Affected versions : <=5.22.8
Patched versions  : 5.22.9

Description
Improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and calls pg_insert_id() with user-supplied data.
Note that the indicated Severity corresponds to a worst-case usage scenario.

Impact
PostgreSQL drivers (postgres64, postgres7, postgres8, postgres9).

Patches
Vulnerability is fixed in ADOdb 5.22.9 (11107d6).

Workarounds
Only pass controlled data to the pg_insert_id() method's $fieldname parameter, or escape it with pg_escape_identifier() first.

References
- Issue #1070
- Blog post by Marco Nappi

Credits
Thanks to Marco Nappi (@mrcnpp) for reporting this vulnerability.
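The following is an added example of the "only pass controlled data" workaround above; it is not ADOdb's, GitHub's or CERT-Renater's code. It assumes that ADOdb's PostgreSQL driver exposes pg_insert_id($table, $field) and builds a currval(pg_get_serial_sequence(...)) query from both names (an assumption drawn from the advisory wording, not from the driver source). The allowlist, the helper names and the stub connection are constructed for the demonstration so it runs without a database.

```php
<?php
// Added example, not ADOdb's code: gate the identifiers that reach pg_insert_id()
// behind an allowlist so only application-controlled names are ever interpolated.
declare(strict_types=1);

/** Constructed allowlist: table => serial columns application code may query. */
const ALLOWED_SERIAL_COLUMNS = [
    'users'  => ['id'],
    'orders' => ['id', 'invoice_no'],
];

/**
 * True only for a plain, unquoted PostgreSQL identifier (letters, digits, underscore,
 * max 63 bytes). \z rather than $ so a trailing newline cannot slip past the check.
 */
function isPlainIdentifier(string $name): bool
{
    return (bool) preg_match('/^[A-Za-z_][A-Za-z0-9_]{0,62}\z/', $name);
}

/**
 * Reject anything that is not both syntactically plain and on the allowlist.
 * Throwing (rather than returning a cleaned value) stops callers from continuing
 * with attacker-influenced input by accident.
 */
function assertControlledSerialColumn(string $table, string $field): void
{
    if (!isPlainIdentifier($table) || !isPlainIdentifier($field)) {
        throw new InvalidArgumentException('identifier contains characters outside [A-Za-z0-9_]');
    }
    if (!isset(ALLOWED_SERIAL_COLUMNS[$table])
        || !in_array($field, ALLOWED_SERIAL_COLUMNS[$table], true)) {
        throw new InvalidArgumentException("$table.$field is not a known serial column");
    }
}

/**
 * Hypothetical wrapper: the single place application code calls pg_insert_id().
 * $db is typed as object because ADOdb driver class names vary by version (assumption).
 */
function safeInsertId(object $db, string $table, string $field): int|false
{
    assertControlledSerialColumn($table, $field);
    return $db->pg_insert_id($table, $field);
}

// --- offline demonstration with a constructed stub connection ---
$stub = new class {
    public array $queries = [];
    public function pg_insert_id(string $table, string $field): int
    {
        // Records the statement shape the real driver is assumed to build.
        $this->queries[] = "SELECT currval(pg_get_serial_sequence('$table', '$field'))";
        return 42;
    }
};

var_dump(safeInsertId($stub, 'orders', 'invoice_no')); // int(42), one recorded query

// Malformed or unknown names never reach the driver.
foreach (["invoice_no'", 'id; --', 'secret_col'] as $bad) {
    try {
        safeInsertId($stub, 'orders', $bad);
        echo "ACCEPTED (should not happen): $bad\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected '$bad': {$e->getMessage()}\n";
    }
}
echo count($stub->queries), " query reached the stub driver\n"; // 1
```

If the column name genuinely has to vary beyond a fixed allowlist, the advisory's second option applies: pass it through pg_escape_identifier() using the live connection before calling pg_insert_id(). That path is omitted here because it needs an open PostgreSQL connection; the allowlist check above still belongs in front of it, since escaping makes an identifier safe to quote but does not make it a column the application intended to expose.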
Severity : Critical 10.0 / 10

CVSS v3 base metrics
  Attack vector       : Network
  Attack complexity   : Low
  Privileges required : None
  User interaction    : None
  Scope               : Changed
  Confidentiality     : High
  Integrity           : High
  Availability        : Low
Vector     : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
CVE ID     : CVE-2025-46337
Weaknesses : CWE-89

Credits
  @mrcnpp (mrcnpp) - Finder
  @dregad (dregad) - Remediation developer

=========================================================
+ CERT-RENATER      | tel   : 01-53-94-20-44            +
+ 23/25 Rue Daviel  | fax   : 01-53-94-20-41            +
+ 75013 Paris       | email : cert@support.renater.fr   +
=========================================================