Critical SQL Injection vulnerability discovered in the PHP ADOdb library

Published 2025-05-05 (modified 2026-02-03). Source: https://infosec.new88088.net/2025/05/05/lo-hong-sql-injection-nghiem-trong-duoc-phat-hien-trong-thu-vien-php-adodb/

A particularly severe security vulnerability has just been discovered in ADOdb, a popular database access library for PHP that is widely used in many web applications and enterprise systems. The vulnerability is tracked as CVE-2025-46337, affects all ADOdb versions before 5.22.9, and has been assigned the maximum CVSS score of 10, the highest severity level on the international standard scale.

The root cause is that ADOdb handles user-supplied input unsafely when that input is passed to the $fieldname parameter of the pg_insert_id() function. While building the SQL query, this parameter is not validated, constrained, or properly sanitized, which allows an attacker to inject malicious SQL fragments. This is a form of SQL Injection, one of the most common yet most dangerous vulnerabilities for database-backed web applications.

The directly affected location is the pg_insert_id() function in ADOdb's PostgreSQL driver. The vulnerability affects several PostgreSQL drivers, including postgres64, postgres7, postgres8 and postgres9, which makes the scope of impact broad, especially for legacy systems or systems that are not updated regularly. Because ADOdb is usually integrated deep in an application's data access layer, this vulnerability can be exploited without being easily detected.

If exploited successfully, CVE-2025-46337 can lead to serious consequences. An attacker could execute arbitrary SQL statements, gain unauthorized access to sensitive data, and modify or delete entire tables in the database. In more dangerous scenarios, if the database account used by the application has high privileges, the attacker could even take control of the entire database system, disrupting service or causing serious data loss.

The risk is especially high when the data passed to the $fieldname parameter is taken directly from HTTP requests, user forms, or URL parameters without strict control. In that case, an attacker only needs to send a crafted request to control the SQL execution flow, and from there steal data, damage the system, or open the way to deeper attacks, including remote code execution depending on the system configuration and database privileges.

In light of this serious threat, developers and system administrators are advised to update immediately to ADOdb 5.22.9, in which the vulnerability has been fixed through the official patch (commit 11107d6). For systems that cannot be upgraded immediately for compatibility or operational reasons, temporary mitigations should be applied, such as strictly controlling the data passed to the $fieldname parameter and using the pg_escape_identifier() function to safely escape it before it is used in an SQL query.

Proactively updating and controlling input not only removes the risk from CVE-2025-46337 but also helps raise the overall security level of PHP applications that use ADOdb, at a time when cyber attacks are becoming increasingly sophisticated and targeted.