Mrcnpp

**Name of the Vulnerable Software and Affected Versions** ADOdb version 5.22.10 **Description** Improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when connecting to a sqlite3 database and calling the `metaColumns()`, `metaForeignKeys()`, or `metaIndexes()` methods with a crafted table name. The vulnerability exists in the SQLite3 driver. **Recommendations** Only pass controlled data to the `$table` parameter of the `metaColumns()`, `metaForeignKeys()`, and `metaIndexes()` methods.