{"id":"CVE-2025-46337","summary":"SQL injection in ADOdb PostgreSQL driver pg_insert_id() method","details":"ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. Prior to version 5.22.9, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and calls pg_insert_id() with user-supplied data. This issue has been patched in version 5.22.9.","aliases":["GHSA-8x27-jwjr-8545"],"modified":"2026-04-10T05:28:26.442517Z","published":"2025-05-01T17:20:10.658Z","related":["MGASA-2025-0179"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/46xxx/CVE-2025-46337.json","cwe_ids":["CWE-89"],"cna_assigner":"GitHub_M"},"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00029.html"},{"type":"ADVISORY","url":"https://github.com/ADOdb/ADOdb/security/advisories/GHSA-8x27-jwjr-8545"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/46xxx/CVE-2025-46337.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-46337"},{"type":"REPORT","url":"https://github.com/ADOdb/ADOdb/issues/1070"},{"type":"FIX","url":"https://github.com/ADOdb/ADOdb/commit/11107d6d6e5160b62e05dff8a3a2678cf0e3a426"},{"type":"ARTICLE","url":"https://xaliom.blogspot.com/2025/05/from-sast-to-cve-2025-46337.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/adodb/adodb","events":[{"introduced":"0"},{"fixed":"a568bfeb72d6b5942df747adc36b95165a083e60"}]}],"versions":["v5.00beta","v5.01beta","v5.02","v5.02a","v5.03","v5.04","v5.05","v5.06","v5.07","v5.08","v5.08a","v5.09","v5.09a","v5.10","v5.11","v5.12","v5.13","v5.14","v5.15","v5.16","v5.16a","v5.17","v5.18","v5.18a","v5.19","v5.20.0","v5.21.0-beta.1","v5.22.0","v5.22.1","v5.22.2","v5.22.3","v5.22.4","v5.22.5","v5.22.6","v5.22.7","v5.22.8"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-46337.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L"}]}