vulnerability

Debian: CVE-2025-54119: libphp-adodb -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:P)	Oct 22, 2025	Oct 22, 2025	Oct 22, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:P)

Published

Oct 22, 2025

Added

Oct 22, 2025

Modified

Oct 22, 2025

Description

ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. In versions 5.22.9 and below, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a sqlite3 database and calls the metaColumns(), metaForeignKeys() or metaIndexes() methods with a crafted table name. This is fixed in version 5.22.10. To workaround this issue, only pass controlled data to metaColumns(), metaForeignKeys() and metaIndexes() method's $table parameter.

Solution

debian-upgrade-libphp-adodb

References

CVE-2025-54119
https://attackerkb.com/topics/CVE-2025-54119
CWE-89
DEBIAN-DLA-4340-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today