CVE-2025-54119

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/ADOdb/ADOdb/commit/5b8bd52cdcffefb4ecded1b399c98cfa516afe03", "name": "https://github.com/ADOdb/ADOdb/commit/5b8bd52cdcffefb4ecded1b399c98cfa516afe03", "tags": [], "refsource": ""}, {"url": "https://github.com/ADOdb/ADOdb/issues/1083", "name": "https://github.com/ADOdb/ADOdb/issues/1083", "tags": [], "refsource": ""}, {"url": "https://github.com/ADOdb/ADOdb/security/advisories/GHSA-vf2r-cxg9-p7rf", "name": "https://github.com/ADOdb/ADOdb/security/advisories/GHSA-vf2r-cxg9-p7rf", "tags": [], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. In versions 5.22.9 and below, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a sqlite3 database and calls the metaColumns(), metaForeignKeys() or metaIndexes() methods with a crafted table name. This is fixed in version 5.22.10. To workaround this issue, only pass controlled data to metaColumns(), metaForeignKeys() and metaIndexes() method's $table parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-89"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2025-54119", "ASSIGNER": "security-advisories@github.com"}}, "impact": {}, "publishedDate": "2025-08-05T01:15Z", "configurations": {"nodes": [], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-08-05T01:15Z"}