CVE-2006-0146

The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.
References
Link Resource
http://secunia.com/secunia_research/2005-64/advisory/ Exploit Patch Vendor Advisory
http://www.securityfocus.com/bid/16187 Exploit Patch
http://secunia.com/advisories/17418 Exploit Patch Vendor Advisory
http://secunia.com/advisories/18254 Vendor Advisory
http://secunia.com/advisories/18267 Vendor Advisory
http://secunia.com/advisories/18260 Patch Vendor Advisory
http://secunia.com/advisories/18276 Patch Vendor Advisory
http://secunia.com/advisories/18233 Patch Vendor Advisory
http://www.osvdb.org/22290 Exploit Patch
http://secunia.com/advisories/18720 Patch Vendor Advisory
http://www.xaraya.com/index.php/news/569 Patch
http://www.debian.org/security/2006/dsa-1029 Patch Vendor Advisory
http://www.debian.org/security/2006/dsa-1030 Patch Vendor Advisory
http://www.debian.org/security/2006/dsa-1031 Patch Vendor Advisory
http://secunia.com/advisories/19555 Patch Vendor Advisory
http://secunia.com/advisories/19590 Patch Vendor Advisory
http://secunia.com/advisories/19591 Patch Vendor Advisory
http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html Exploit
http://www.maxdev.com/Article550.phtml
http://secunia.com/advisories/19563 Patch Vendor Advisory
http://secunia.com/advisories/19600 Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml Patch Vendor Advisory
http://secunia.com/advisories/19699 Patch Vendor Advisory
http://secunia.com/advisories/19691 Vendor Advisory
http://secunia.com/advisories/24954 Vendor Advisory
http://securityreason.com/securityalert/713
http://www.vupen.com/english/advisories/2006/1305 Vendor Advisory
http://www.vupen.com/english/advisories/2006/0447 Vendor Advisory
http://www.vupen.com/english/advisories/2006/1419
http://www.vupen.com/english/advisories/2006/0104 Vendor Advisory
http://www.vupen.com/english/advisories/2006/0370 Vendor Advisory
http://www.vupen.com/english/advisories/2006/0102
http://www.vupen.com/english/advisories/2006/1304 Vendor Advisory
http://www.vupen.com/english/advisories/2006/0105 Vendor Advisory
http://www.vupen.com/english/advisories/2006/0103 Vendor Advisory
http://www.vupen.com/english/advisories/2006/0101 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/24051
http://www.securityfocus.com/archive/1/466171/100/0/threaded
http://www.securityfocus.com/archive/1/430448/100/0/threaded
http://www.securityfocus.com/archive/1/423784/100/0/threaded

Configurations

Configuration 1

OR cpe:2.3:a:john_lim:adodb:4.66:*:*:*:*:*:*:*
cpe:2.3:a:john_lim:adodb:4.68:*:*:*:*:*:*:*
cpe:2.3:a:postnuke_software_foundation:postnuke:0.761:*:*:*:*:*:*:*
cpe:2.3:a:the_cacti_group:cacti:0.8.6g:*:*:*:*:*:*:*
cpe:2.3:a:mediabeez:mediabeez:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.5.3:*:*:*:*:*:*:*
cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*
cpe:2.3:a:mantis:mantis:1.0.0_rc4:*:*:*:*:*:*:*

Information

Published : 2006-01-09 15:03

Updated : 2018-10-19 08:42


NVD link : CVE-2006-0146

Mitre link : CVE-2006-0146


CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Products Affected

moodle

  • moodle

mediabeez

  • mediabeez

the_cacti_group

  • cacti

john_lim

  • adodb

postnuke_software_foundation

  • postnuke

mantis

  • mantis