CVE-2006-0146

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2006-0146
The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html Exploit
http://secunia.com/advisories/17418 Exploit Patch Vendor Advisory
http://secunia.com/advisories/18233 Patch Vendor Advisory
http://secunia.com/advisories/18254 Vendor Advisory
http://secunia.com/advisories/18260 Patch Vendor Advisory
http://secunia.com/advisories/18267 Vendor Advisory
http://secunia.com/advisories/18276 Patch Vendor Advisory
http://secunia.com/advisories/18720 Patch Vendor Advisory
http://secunia.com/advisories/19555 Patch Vendor Advisory
http://secunia.com/advisories/19563 Patch Vendor Advisory
http://secunia.com/advisories/19590 Patch Vendor Advisory
http://secunia.com/advisories/19591 Patch Vendor Advisory
http://secunia.com/advisories/19600 Vendor Advisory
http://secunia.com/advisories/19691 Vendor Advisory
http://secunia.com/advisories/19699 Patch Vendor Advisory
http://secunia.com/advisories/24954 Vendor Advisory
http://secunia.com/secunia_research/2005-64/advisory/ Exploit Patch Vendor Advisory
http://securityreason.com/securityalert/713
http://www.debian.org/security/2006/dsa-1029 Patch Vendor Advisory
http://www.debian.org/security/2006/dsa-1030 Patch Vendor Advisory
http://www.debian.org/security/2006/dsa-1031 Patch Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml Patch Vendor Advisory
http://www.maxdev.com/Article550.phtml URL Repurposed
http://www.osvdb.org/22290 Exploit Patch
http://www.securityfocus.com/archive/1/423784/100/0/threaded
http://www.securityfocus.com/archive/1/430448/100/0/threaded
http://www.securityfocus.com/archive/1/466171/100/0/threaded
http://www.securityfocus.com/bid/16187 Exploit Patch
http://www.vupen.com/english/advisories/2006/0101 Vendor Advisory
http://www.vupen.com/english/advisories/2006/0102
http://www.vupen.com/english/advisories/2006/0103 Vendor Advisory
http://www.vupen.com/english/advisories/2006/0104 Vendor Advisory
http://www.vupen.com/english/advisories/2006/0105 Vendor Advisory
http://www.vupen.com/english/advisories/2006/0370 Vendor Advisory
http://www.vupen.com/english/advisories/2006/0447 Vendor Advisory
http://www.vupen.com/english/advisories/2006/1304 Vendor Advisory
http://www.vupen.com/english/advisories/2006/1305 Vendor Advisory
http://www.vupen.com/english/advisories/2006/1419
http://www.xaraya.com/index.php/news/569 Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/24051
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:john_lim:adodb:4.66:*:*:*:*:*:*:*
cpe:2.3:a:john_lim:adodb:4.68:*:*:*:*:*:*:*
cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*
cpe:2.3:a:mantis:mantis:1.0.0_rc4:*:*:*:*:*:*:*
cpe:2.3:a:mediabeez:mediabeez:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.5.3:*:*:*:*:*:*:*
cpe:2.3:a:postnuke_software_foundation:postnuke:0.761:*:*:*:*:*:*:*
cpe:2.3:a:the_cacti_group:cacti:0.8.6g:*:*:*:*:*:*:*
History

No history.

Information

Published : 2006-01-09 23:03

Updated : 2024-02-14 01:17

NVD link : CVE-2006-0146

Mitre link : CVE-2006-0146

CVE.ORG link : CVE-2006-0146

JSON object : View

Products Affected

mantis

  • mantis

the_cacti_group

  • cacti

john_lim

  • adodb

moodle

  • moodle

mediabeez

  • mediabeez

postnuke_software_foundation

  • postnuke
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')