Package | libphp-adodb |
---|---|
Version | 5.15-1+deb8u2 |
Related CVEs | CVE-2021-3850 |
It was found that in libphp-adodb, a PHP database abstraction layer library, an attacker can inject values into the PostgreSQL connection string by bypassing adodb_addslashes(). The function can be bypassed in phppgadmin, for example, by surrounding the username in quotes and submitting with other parameters injected in between.
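The following is an added example, not code from ADOdb or phppgadmin, showing why a quoting helper that trusts values which already look quoted lets one parameter become several, next to a form that always escapes. The function names, host names and the shape of the weak helper are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Pattern the advisory describes (assumed shape, hypothetical name): a value
// that already starts and ends with a quote is passed through unescaped.
function quote_conninfo_weak(string $s): string
{
    $len = strlen($s);
    if ($len === 0) {
        return "''";
    }
    if ($s[0] === "'" && $s[$len - 1] === "'") {
        return $s; // caller-supplied quotes are trusted
    }
    return "'" . addslashes($s) . "'";
}

// Hardened form: always quote, escaping backslash and single quote with a
// backslash, which is what libpq requires inside a quoted conninfo value.
function quote_conninfo(string $s): string
{
    if (strpos($s, "\0") !== false) {
        throw new InvalidArgumentException('NUL byte in connection parameter');
    }
    return "'" . strtr($s, ["\\" => "\\\\", "'" => "\\'"]) . "'";
}

// Simplified conninfo tokenizer: returns the keywords libpq would see.
function conninfo_keywords(string $conninfo): array
{
    $re = "/(\\w+)\\s*=\\s*(?:'(?:[^'\\\\]|\\\\.)*'|[^\\s']+)/";
    preg_match_all($re, $conninfo, $m);
    return $m[1];
}

// Constructed input: a quoted username with an extra parameter in between.
$user = "'alice' host=db.other.example user='alice'";

foreach (['quote_conninfo_weak', 'quote_conninfo'] as $quote) {
    $conninfo = 'host=' . $quote('db.internal.example')
              . ' user=' . $quote($user)
              . " dbname='app'";
    $keys = conninfo_keywords($conninfo);
    // Defensive check: the string must contain exactly the keywords we set.
    $ok = $keys === ['host', 'user', 'dbname'];
    printf("%-20s %-4s %s\n", $quote, $ok ? 'ok' : 'FAIL', implode(',', $keys));
}
```

The keyword-count check is also usable on its own as a regression test for any code that assembles a connection string from request parameters.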
For Debian 8 jessie, this problem has been fixed in version 5.15-1+deb8u2.
We recommend that you upgrade your libphp-adodb packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.