oss-sec mailing list archives

Re: ADOdb PDO driver: incorrect quoting may allow SQL injection

From: Damien Regad <dregad () mantisbt org>
Date: Thu, 15 Sep 2016 09:43:04 +0200

cve-assign wrote:

Because "security" is still present in the title and labels of 226,
we're making the conclusion that this is a security problem and
assigning an ID, CVE-2016-7405.


Thank you.

The current situation is that the CVE Team at MITRE receives both the
oss-security messages and the https://cveform.mitre.org form output.
We let people choose either method for obtaining a CVE ID from us,
depending on their disclosure goals, their perspective about open
pre-assignment discussion, or other factors.


Thanks for the clarification.

Current thread:

ADOdb PDO driver: incorrect quoting may allow SQL injection Damien Regad (Sep 07)
- Re: ADOdb PDO driver: incorrect quoting may allow SQL injection Damien Regad (Sep 13)
  - Re: Re: ADOdb PDO driver: incorrect quoting may allow SQL injection Andreas Stieger (Sep 14)
  - Message not available
    - Re: Re: ADOdb PDO driver: incorrect quoting may allow SQL injection Anonymous (Sep 14)
    - Re: Re: ADOdb PDO driver: incorrect quoting may allow SQL injection Moritz Muehlenhoff (Sep 14)
    - Re: Re: ADOdb PDO driver: incorrect quoting may allow SQL injection Kurt Seifried (Sep 14)
    - Re: Re: ADOdb PDO driver: incorrect quoting may allow SQL injection Jeremy Stanley (Sep 14)
    - Re: Re: ADOdb PDO driver: incorrect quoting may allow SQL injection Seth Arnold (Sep 14)
    - Re: Re: ADOdb PDO driver: incorrect quoting may allow SQL injection Kurt Seifried (Sep 14)
- Re: ADOdb PDO driver: incorrect quoting may allow SQL injection cve-assign (Sep 14)
  - Re: ADOdb PDO driver: incorrect quoting may allow SQL injection Damien Regad (Sep 15)