CVE-2025-46337

Published May 1, 2025

Last updated 11 days ago

CVSS critical 10.0
PHP
ADOdb

Overview

Description
ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. Prior to version 5.22.9, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and calls pg_insert_id() with user-supplied data. This issue has been patched in version 5.22.9.
Source
security-advisories@github.com
NVD status
Deferred

Risk scores

CVSS 3.1

Type
Secondary
Base score
10
Impact score
6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
Severity
CRITICAL

Weaknesses

security-advisories@github.com
CWE-89

Social media

Hype score
Not currently trending

  1. #Vulnerability #CVE202546337 Critical SQL Injection Vulnerability Found in ADOdb PHP Library – CVE-2025-46337 (CVSS 10.0) https://t.co/haCQiC04kS

    @Komodosec

    26 Jun 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. ⚠️ Critical SQLi flaw in ADOdb (CVE-2025-46337) impacts #Ubuntu 25.04/24.10! Attackers can execute arbitrary SQLRead more: 👇https://t.co/birpXUPcOm https://t.co/3SDrDvgloK

    @Cezar_H_Linux

    2 Jun 2025

    35 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. URGENT: Fedora 41 security update patches critical SQL injection flaw (CVE-2025-46337) in PHP-ADOdb PostgreSQL driver. Enterprise PHP apps at risk! Update command: su -c 'dnf upgrade --advisory FEDORA-2025-a32ccde763' Read more: 👉 https://t.co/xY3DnpLGx0 #Fedora #Security ht

    @Cezar_H_Linux

    11 May 2025

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 世界中で280万以上のインストール実績を持つPHPのデータベース抽象化ライブラリ「ADOdb」に重大な脆弱性(CVE-2025-46337)が報告された。 PostgreSQLドライバのpg_insert_id()メソッドにおける不適切なクエリパラメー

    @yousukezan

    5 May 2025

    3025 Impressions

    7 Retweets

    25 Likes

    11 Bookmarks

    0 Replies

    0 Quotes

  5. ⚠️ Vulnerability Alert: Critical SQL Injection Vulnerability in ADOdb PHP Library 📅 Timeline: Disclosure: 2025-05-01, Patch: 2025-05-01 🆔 cveId: CVE-2025-46337 📊 baseScore: 10.0 📏 cvssMetrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L cvssSeverity: C

    @syedaquib77

    5 May 2025

    64 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  6. Critical SQL Injection Vulnerability Found in ADOdb PHP Library – CVE-2025-46337 (CVSS 10.0) https://t.co/1UQAVPV90N

    @Dinosn

    5 May 2025

    971 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  7. Top 5 Trending CVEs: 1 - CVE-2025-3776 2 - CVE-2024-26809 3 - CVE-2025-46337 4 - CVE-2025-26529 5 - CVE-2025-32433 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    4 May 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. 🚨 CVE-2025-46337 ⚠️🔴 CRITICAL (10) 🏢 ADOdb - ADOdb 🏗️ < 5.22.9 🔗 https://t.co/50YmRX4hcn 🔗 https://t.co/URfDiMYiYk 🔗 https://t.co/FXJfljkCuu #CyberCron #VulnAlert #InfoSec https://t.co/4WJdQxuuwL

    @cybercronai

    3 May 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. 🚨 CVE-2025-46337 ⚠️🔴 CRITICAL (10) 🏢 ADOdb - ADOdb 🏗️ < 5.22.9 🔗 https://t.co/50YmRX4hcn 🔗 https://t.co/URfDiMYiYk 🔗 https://t.co/FXJfljkCuu #CyberCron #VulnAlert #InfoSec https://t.co/KP0XCVxmlI

    @cybercronai

    2 May 2025

    1870 Impressions

    3 Retweets

    4 Likes

    0 Bookmarks

    0 Replies

    1 Quote

  10. ⚠️Múltiples vulnerabilidades del kernel de Linux Red Hat ❗CVE-2025-46337 ❗CVE-2025-21927 ❗CVE-2025-22869 ❗CVE-2025-30204 ❗CVE-2025-24209 ➡️Más info: https://t.co/T4ViIi50N9 https://t.co/rpOVorctqA

    @CERTpy

    2 May 2025

    79 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. CVE-2025-46337 ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. Prior to version 5.22.9, improper escaping of a query … https://t.co/HMN707zXUO

    @CVEnew

    1 May 2025

    55 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. [CVE-2025-46337: CRITICAL] Vulnerable ADOdb versions allowed SQL injection via pg_insert_id(). Make sure to update to version 5.22.9 to stay protected against cyber attacks. #cybersecurity#cve,CVE-2025-46337,#cybersecurity https://t.co/XieGJGeJDk https://t.co/HodoHUFcgr

    @CveFindCom

    1 May 2025

    21 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

Related CVEs

  1. In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 when parsing XML data in SOAP extensions, overly large (>2Gb) XML namespace prefix may lead to null pointer dereference. This may lead to crashes and affect the availability of the target server.CVE-2025-6491
  2. Yiiframework Yii Improper Protection of Alternate Path VulnerabilityCVE-2024-58136
  3. YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. This vulnerability is fixed in 4.5.2.CVE-2025-31131
  4. In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may cause the resulting document to be parsed incorrectly or bypass validations.CVE-2025-1219
  5. PHP-CGI OS Command Injection VulnerabilityCVE-2024-4577

References

Sources include official advisories and independent security research.