Emmet Leahy reported that libphp-adodb, a PHP database abstraction layer library, allows to inject values into a PostgreSQL connection string.
Depending on how the library is used this flaw can result in
authentication bypass, reveal a server IP address or have other
For the oldstable distribution (buster), this problem has been fixed
in version 5.20.14-1+deb10u1.
For the stable distribution (bullseye), this problem has been fixed in
We recommend that you upgrade your libphp-adodb packages.