Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP prior to 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote malicious users to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo.
Vulnerable Product |
---|
moodle moodle 1.5.3 |
postnuke software foundation postnuke 0.761 |
the cacti group cacti 0.8.6g |
mantis mantis 0.19.4 |
mantis mantis 1.0.0_rc4 |
john lim adodb 4.66 |
john lim adodb 4.68 |
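
Because the affected script ships inside other products, a deployment can carry it without anyone having installed ADOdb directly. The audit below is an added example, not code from ADOdb or from this advisory: it walks a web root for any `tests/tmssql.php` and flags variables that are assigned from a request parameter and later called as a function, the pattern the description names. The function names, the directory layout and the PHP sample written by `build_sample_tree` are constructed for illustration, and the regex match is a heuristic rather than a PHP parser.

```python
import os
import re
import tempfile

# Assignment of a request parameter to a variable, e.g. $x = $_GET['do'];
ASSIGN = re.compile(r"\$(\w+)\s*=\s*\$_(?:GET|POST|REQUEST)\s*\[")
# Template for the same variable used as a function name, e.g. $x(
CALL = r"\$%s\s*\("


def request_driven_calls(php_source):
    """Return variables set from request input and later called as functions."""
    hits = []
    for m in ASSIGN.finditer(php_source):
        name = m.group(1)
        called = re.search(CALL % re.escape(name), php_source[m.end():])
        if called and name not in hits:
            hits.append(name)
    return hits


def audit_webroot(root, script=os.path.join("tests", "tmssql.php")):
    """Map each deployed copy of the test script (relative path) to its risky variables."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            if path.endswith(os.sep + script):
                with open(path, encoding="utf-8", errors="replace") as fh:
                    findings[os.path.relpath(path, root)] = request_driven_calls(fh.read())
    return findings


def build_sample_tree(root):
    """Constructed sample: an application bundling a library copy with its tests/ directory."""
    tests_dir = os.path.join(root, "app", "lib", "adodb", "tests")
    os.makedirs(tests_dir)
    # Constructed stand-in for the pattern in the description, not the real file.
    with open(os.path.join(tests_dir, "tmssql.php"), "w") as fh:
        fh.write("<?php\n$do = $_GET['do'];\n$do();\n")
    with open(os.path.join(root, "app", "index.php"), "w") as fh:
        fh.write("<?php echo 'ok';\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, names in audit_webroot(tmp).items():
            print(path, "request-driven calls:", names or "none")
```

Any path this reports is a test script reachable under the web root; removing the bundled `tests` directory from deployed copies takes it out of reach regardless of the ADOdb version.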