The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 00:05
Type | Values Removed | Values Added |
---|---|---|
References | () http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html - Exploit | |
References | () http://secunia.com/advisories/17418 - Exploit, Patch, Vendor Advisory | |
References | () http://secunia.com/advisories/18233 - Patch, Vendor Advisory | |
References | () http://secunia.com/advisories/18254 - Vendor Advisory | |
References | () http://secunia.com/advisories/18260 - Patch, Vendor Advisory | |
References | () http://secunia.com/advisories/18267 - Vendor Advisory | |
References | () http://secunia.com/advisories/18276 - Patch, Vendor Advisory | |
References | () http://secunia.com/advisories/18720 - Patch, Vendor Advisory | |
References | () http://secunia.com/advisories/19555 - Patch, Vendor Advisory | |
References | () http://secunia.com/advisories/19563 - Patch, Vendor Advisory | |
References | () http://secunia.com/advisories/19590 - Patch, Vendor Advisory | |
References | () http://secunia.com/advisories/19591 - Patch, Vendor Advisory | |
References | () http://secunia.com/advisories/19600 - Vendor Advisory | |
References | () http://secunia.com/advisories/19691 - Vendor Advisory | |
References | () http://secunia.com/advisories/19699 - Patch, Vendor Advisory | |
References | () http://secunia.com/advisories/24954 - Vendor Advisory | |
References | () http://secunia.com/secunia_research/2005-64/advisory/ - Exploit, Patch, Vendor Advisory | |
References | () http://securityreason.com/securityalert/713 - | |
References | () http://www.debian.org/security/2006/dsa-1029 - Patch, Vendor Advisory | |
References | () http://www.debian.org/security/2006/dsa-1030 - Patch, Vendor Advisory | |
References | () http://www.debian.org/security/2006/dsa-1031 - Patch, Vendor Advisory | |
References | () http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml - Patch, Vendor Advisory | |
References | () http://www.maxdev.com/Article550.phtml - URL Repurposed | |
References | () http://www.osvdb.org/22290 - Exploit, Patch | |
References | () http://www.securityfocus.com/archive/1/423784/100/0/threaded - | |
References | () http://www.securityfocus.com/archive/1/430448/100/0/threaded - | |
References | () http://www.securityfocus.com/archive/1/466171/100/0/threaded - | |
References | () http://www.securityfocus.com/bid/16187 - Exploit, Patch | |
References | () http://www.vupen.com/english/advisories/2006/0101 - Vendor Advisory | |
References | () http://www.vupen.com/english/advisories/2006/0102 - | |
References | () http://www.vupen.com/english/advisories/2006/0103 - Vendor Advisory | |
References | () http://www.vupen.com/english/advisories/2006/0104 - Vendor Advisory | |
References | () http://www.vupen.com/english/advisories/2006/0105 - Vendor Advisory | |
References | () http://www.vupen.com/english/advisories/2006/0370 - Vendor Advisory | |
References | () http://www.vupen.com/english/advisories/2006/0447 - Vendor Advisory | |
References | () http://www.vupen.com/english/advisories/2006/1304 - Vendor Advisory | |
References | () http://www.vupen.com/english/advisories/2006/1305 - Vendor Advisory | |
References | () http://www.vupen.com/english/advisories/2006/1419 - | |
References | () http://www.xaraya.com/index.php/news/569 - Patch | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/24051 - |
14 Feb 2024, 01:17
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.maxdev.com/Article550.phtml - URL Repurposed |
Information
Published : 2006-01-09 23:03
Updated : 2024-11-21 00:05
NVD link : CVE-2006-0146
Mitre link : CVE-2006-0146
CVE.ORG link : CVE-2006-0146
JSON object : View
Products Affected
mantis
- mantis
the_cacti_group
- cacti
postnuke_software_foundation
- postnuke
moodle
- moodle
john_lim
- adodb
mediabeez
- mediabeez
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')