Advisories » MGASA-2025-0179

Updated php-adodb packages fix security vulnerability

Publication date: 08 Jun 2025
Modification date: 08 Jun 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-46337

Description

ADOdb is a PHP database class library that provides abstractions for
performing queries and managing databases. Prior to version 5.22.9,
improper escaping of a query parameter may allow an attacker to execute
arbitrary SQL statements when the code using ADOdb connects to a
PostgreSQL database and calls pg_insert_id() with user-supplied data.
This issue has been patched in version 5.22.9 - CVE-2025-46337.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=34339
• https://ubuntu.com/security/notices/USN-7530-1
• https://github.com/ADOdb/ADOdb/releases/tag/v5.22.9
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46337

SRPMS

9/core

• php-adodb-5.22.9-1.mga9