CVE-2006-0146

Published: 09/01/2006 Updated: 14/02/2024
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The server.php test script in ADOdb for PHP prior to 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote malicious users to execute arbitrary SQL commands via the sql parameter.

Vulnerable Products

postnuke software foundation postnuke 0.761

john lim adodb 4.66

the cacti group cacti 0.8.6g

mantis mantis 1.0.0_rc4

john lim adodb 4.68

moodle moodle 1.5.3

mantis mantis 0.19.4

mediabeez mediabeez

Vendor Advisories

Debian Bug report logs - #349985 various unfixed security bugs. Package: libphp-adodb; Maintainer for libphp-adodb is Cameron Dale <camrdale@gmail.com>; Source for libphp-adodb is src:libphp-adodb (PTS, buildd, popcon). Reported by: Florian Weimer <fw@deneb.enyo.de>. Date: Thu, 26 Jan 2006 13:03:05 UTC. Severity: grave ...

Several vulnerabilities have been discovered in libphp-adodb, the 'adodb' database abstraction layer for PHP. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2006-0146: Andreas Sandblad discovered that improper user input sanitisation results in a potential remote SQL injection vulnerability enabling ...

Several vulnerabilities have been discovered in libphp-adodb, the 'adodb' database abstraction layer for PHP, which is embedded in cacti, a frontend to rrdtool for monitoring systems and services. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2006-0146: Andreas Sandblad discovered that improper user inp ...

Several vulnerabilities have been discovered in libphp-adodb, the 'adodb' database abstraction layer for PHP, which is embedded in moodle, a course management system for online learning. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2006-0146: Andreas Sandblad discovered that improper user input sanitis ...

Exploits

#!/usr/bin/php -q -d short_open_tag=on
<?
echo "Simplog <= 0.92 \"s\" remote cmmnds xctn\r\n";
echo "by rgod rgod@autistici.org\r\n";
echo "site: retrogod.altervista.org\r\n\r\n";
echo "dork: intext:\"Powered by simplog\"\r\n\r\n";
if ($argc<5) {
echo "Usage: php ".$argv[0]." host path location cmd OPTIONS\r\n";
echo "host: t ...

References

CWE-89
http://secunia.com/secunia_research/2005-64/advisory/
http://www.securityfocus.com/bid/16187
http://secunia.com/advisories/17418
http://secunia.com/advisories/18254
http://secunia.com/advisories/18267
http://secunia.com/advisories/18260
http://secunia.com/advisories/18276
http://secunia.com/advisories/18233
http://www.osvdb.org/22290
http://secunia.com/advisories/18720
http://www.xaraya.com/index.php/news/569
http://www.debian.org/security/2006/dsa-1029
http://www.debian.org/security/2006/dsa-1030
http://www.debian.org/security/2006/dsa-1031
http://secunia.com/advisories/19555
http://secunia.com/advisories/19590
http://secunia.com/advisories/19591
http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html
http://www.maxdev.com/Article550.phtml
http://secunia.com/advisories/19563
http://secunia.com/advisories/19600
http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml
http://secunia.com/advisories/19699
http://secunia.com/advisories/19691
http://secunia.com/advisories/24954
http://securityreason.com/securityalert/713
http://www.vupen.com/english/advisories/2006/1305
http://www.vupen.com/english/advisories/2006/0447
http://www.vupen.com/english/advisories/2006/1419
http://www.vupen.com/english/advisories/2006/0104
http://www.vupen.com/english/advisories/2006/0370
http://www.vupen.com/english/advisories/2006/0102
http://www.vupen.com/english/advisories/2006/1304
http://www.vupen.com/english/advisories/2006/0105
http://www.vupen.com/english/advisories/2006/0103
http://www.vupen.com/english/advisories/2006/0101
https://exchange.xforce.ibmcloud.com/vulnerabilities/24051
http://www.securityfocus.com/archive/1/466171/100/0/threaded
http://www.securityfocus.com/archive/1/430448/100/0/threaded
http://www.securityfocus.com/archive/1/423784/100/0/threaded
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=349985
https://nvd.nist.gov
https://www.exploit-db.com/exploits/1663/
https://www.debian.org/security/./dsa-1029