CVE-2006-0146

The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.
References
Link Resource
http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html Exploit
http://secunia.com/advisories/17418 Exploit Patch Vendor Advisory
http://secunia.com/advisories/18233 Patch Vendor Advisory
http://secunia.com/advisories/18254 Vendor Advisory
http://secunia.com/advisories/18260 Patch Vendor Advisory
http://secunia.com/advisories/18267 Vendor Advisory
http://secunia.com/advisories/18276 Patch Vendor Advisory
http://secunia.com/advisories/18720 Patch Vendor Advisory
http://secunia.com/advisories/19555 Patch Vendor Advisory
http://secunia.com/advisories/19563 Patch Vendor Advisory
http://secunia.com/advisories/19590 Patch Vendor Advisory
http://secunia.com/advisories/19591 Patch Vendor Advisory
http://secunia.com/advisories/19600 Vendor Advisory
http://secunia.com/advisories/19691 Vendor Advisory
http://secunia.com/advisories/19699 Patch Vendor Advisory
http://secunia.com/advisories/24954 Vendor Advisory
http://secunia.com/secunia_research/2005-64/advisory/ Exploit Patch Vendor Advisory
http://securityreason.com/securityalert/713
http://www.debian.org/security/2006/dsa-1029 Patch Vendor Advisory
http://www.debian.org/security/2006/dsa-1030 Patch Vendor Advisory
http://www.debian.org/security/2006/dsa-1031 Patch Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml Patch Vendor Advisory
http://www.maxdev.com/Article550.phtml URL Repurposed
http://www.osvdb.org/22290 Exploit Patch
http://www.securityfocus.com/archive/1/423784/100/0/threaded
http://www.securityfocus.com/archive/1/430448/100/0/threaded
http://www.securityfocus.com/archive/1/466171/100/0/threaded
http://www.securityfocus.com/bid/16187 Exploit Patch
http://www.vupen.com/english/advisories/2006/0101 Vendor Advisory
http://www.vupen.com/english/advisories/2006/0102
http://www.vupen.com/english/advisories/2006/0103 Vendor Advisory
http://www.vupen.com/english/advisories/2006/0104 Vendor Advisory
http://www.vupen.com/english/advisories/2006/0105 Vendor Advisory
http://www.vupen.com/english/advisories/2006/0370 Vendor Advisory
http://www.vupen.com/english/advisories/2006/0447 Vendor Advisory
http://www.vupen.com/english/advisories/2006/1304 Vendor Advisory
http://www.vupen.com/english/advisories/2006/1305 Vendor Advisory
http://www.vupen.com/english/advisories/2006/1419
http://www.xaraya.com/index.php/news/569 Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/24051
http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html Exploit
http://secunia.com/advisories/17418 Exploit Patch Vendor Advisory
http://secunia.com/advisories/18233 Patch Vendor Advisory
http://secunia.com/advisories/18254 Vendor Advisory
http://secunia.com/advisories/18260 Patch Vendor Advisory
http://secunia.com/advisories/18267 Vendor Advisory
http://secunia.com/advisories/18276 Patch Vendor Advisory
http://secunia.com/advisories/18720 Patch Vendor Advisory
http://secunia.com/advisories/19555 Patch Vendor Advisory
http://secunia.com/advisories/19563 Patch Vendor Advisory
http://secunia.com/advisories/19590 Patch Vendor Advisory
http://secunia.com/advisories/19591 Patch Vendor Advisory
http://secunia.com/advisories/19600 Vendor Advisory
http://secunia.com/advisories/19691 Vendor Advisory
http://secunia.com/advisories/19699 Patch Vendor Advisory
http://secunia.com/advisories/24954 Vendor Advisory
http://secunia.com/secunia_research/2005-64/advisory/ Exploit Patch Vendor Advisory
http://securityreason.com/securityalert/713
http://www.debian.org/security/2006/dsa-1029 Patch Vendor Advisory
http://www.debian.org/security/2006/dsa-1030 Patch Vendor Advisory
http://www.debian.org/security/2006/dsa-1031 Patch Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml Patch Vendor Advisory
http://www.maxdev.com/Article550.phtml URL Repurposed
http://www.osvdb.org/22290 Exploit Patch
http://www.securityfocus.com/archive/1/423784/100/0/threaded
http://www.securityfocus.com/archive/1/430448/100/0/threaded
http://www.securityfocus.com/archive/1/466171/100/0/threaded
http://www.securityfocus.com/bid/16187 Exploit Patch
http://www.vupen.com/english/advisories/2006/0101 Vendor Advisory
http://www.vupen.com/english/advisories/2006/0102
http://www.vupen.com/english/advisories/2006/0103 Vendor Advisory
http://www.vupen.com/english/advisories/2006/0104 Vendor Advisory
http://www.vupen.com/english/advisories/2006/0105 Vendor Advisory
http://www.vupen.com/english/advisories/2006/0370 Vendor Advisory
http://www.vupen.com/english/advisories/2006/0447 Vendor Advisory
http://www.vupen.com/english/advisories/2006/1304 Vendor Advisory
http://www.vupen.com/english/advisories/2006/1305 Vendor Advisory
http://www.vupen.com/english/advisories/2006/1419
http://www.xaraya.com/index.php/news/569 Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/24051
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:john_lim:adodb:4.66:*:*:*:*:*:*:*
cpe:2.3:a:john_lim:adodb:4.68:*:*:*:*:*:*:*
cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*
cpe:2.3:a:mantis:mantis:1.0.0_rc4:*:*:*:*:*:*:*
cpe:2.3:a:mediabeez:mediabeez:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.5.3:*:*:*:*:*:*:*
cpe:2.3:a:postnuke_software_foundation:postnuke:0.761:*:*:*:*:*:*:*
cpe:2.3:a:the_cacti_group:cacti:0.8.6g:*:*:*:*:*:*:*

History

21 Nov 2024, 00:05

Type Values Removed Values Added
References () http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html - Exploit () http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html - Exploit
References () http://secunia.com/advisories/17418 - Exploit, Patch, Vendor Advisory () http://secunia.com/advisories/17418 - Exploit, Patch, Vendor Advisory
References () http://secunia.com/advisories/18233 - Patch, Vendor Advisory () http://secunia.com/advisories/18233 - Patch, Vendor Advisory
References () http://secunia.com/advisories/18254 - Vendor Advisory () http://secunia.com/advisories/18254 - Vendor Advisory
References () http://secunia.com/advisories/18260 - Patch, Vendor Advisory () http://secunia.com/advisories/18260 - Patch, Vendor Advisory
References () http://secunia.com/advisories/18267 - Vendor Advisory () http://secunia.com/advisories/18267 - Vendor Advisory
References () http://secunia.com/advisories/18276 - Patch, Vendor Advisory () http://secunia.com/advisories/18276 - Patch, Vendor Advisory
References () http://secunia.com/advisories/18720 - Patch, Vendor Advisory () http://secunia.com/advisories/18720 - Patch, Vendor Advisory
References () http://secunia.com/advisories/19555 - Patch, Vendor Advisory () http://secunia.com/advisories/19555 - Patch, Vendor Advisory
References () http://secunia.com/advisories/19563 - Patch, Vendor Advisory () http://secunia.com/advisories/19563 - Patch, Vendor Advisory
References () http://secunia.com/advisories/19590 - Patch, Vendor Advisory () http://secunia.com/advisories/19590 - Patch, Vendor Advisory
References () http://secunia.com/advisories/19591 - Patch, Vendor Advisory () http://secunia.com/advisories/19591 - Patch, Vendor Advisory
References () http://secunia.com/advisories/19600 - Vendor Advisory () http://secunia.com/advisories/19600 - Vendor Advisory
References () http://secunia.com/advisories/19691 - Vendor Advisory () http://secunia.com/advisories/19691 - Vendor Advisory
References () http://secunia.com/advisories/19699 - Patch, Vendor Advisory () http://secunia.com/advisories/19699 - Patch, Vendor Advisory
References () http://secunia.com/advisories/24954 - Vendor Advisory () http://secunia.com/advisories/24954 - Vendor Advisory
References () http://secunia.com/secunia_research/2005-64/advisory/ - Exploit, Patch, Vendor Advisory () http://secunia.com/secunia_research/2005-64/advisory/ - Exploit, Patch, Vendor Advisory
References () http://securityreason.com/securityalert/713 - () http://securityreason.com/securityalert/713 -
References () http://www.debian.org/security/2006/dsa-1029 - Patch, Vendor Advisory () http://www.debian.org/security/2006/dsa-1029 - Patch, Vendor Advisory
References () http://www.debian.org/security/2006/dsa-1030 - Patch, Vendor Advisory () http://www.debian.org/security/2006/dsa-1030 - Patch, Vendor Advisory
References () http://www.debian.org/security/2006/dsa-1031 - Patch, Vendor Advisory () http://www.debian.org/security/2006/dsa-1031 - Patch, Vendor Advisory
References () http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml - Patch, Vendor Advisory () http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml - Patch, Vendor Advisory
References () http://www.maxdev.com/Article550.phtml - URL Repurposed () http://www.maxdev.com/Article550.phtml - URL Repurposed
References () http://www.osvdb.org/22290 - Exploit, Patch () http://www.osvdb.org/22290 - Exploit, Patch
References () http://www.securityfocus.com/archive/1/423784/100/0/threaded - () http://www.securityfocus.com/archive/1/423784/100/0/threaded -
References () http://www.securityfocus.com/archive/1/430448/100/0/threaded - () http://www.securityfocus.com/archive/1/430448/100/0/threaded -
References () http://www.securityfocus.com/archive/1/466171/100/0/threaded - () http://www.securityfocus.com/archive/1/466171/100/0/threaded -
References () http://www.securityfocus.com/bid/16187 - Exploit, Patch () http://www.securityfocus.com/bid/16187 - Exploit, Patch
References () http://www.vupen.com/english/advisories/2006/0101 - Vendor Advisory () http://www.vupen.com/english/advisories/2006/0101 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2006/0102 - () http://www.vupen.com/english/advisories/2006/0102 -
References () http://www.vupen.com/english/advisories/2006/0103 - Vendor Advisory () http://www.vupen.com/english/advisories/2006/0103 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2006/0104 - Vendor Advisory () http://www.vupen.com/english/advisories/2006/0104 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2006/0105 - Vendor Advisory () http://www.vupen.com/english/advisories/2006/0105 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2006/0370 - Vendor Advisory () http://www.vupen.com/english/advisories/2006/0370 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2006/0447 - Vendor Advisory () http://www.vupen.com/english/advisories/2006/0447 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2006/1304 - Vendor Advisory () http://www.vupen.com/english/advisories/2006/1304 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2006/1305 - Vendor Advisory () http://www.vupen.com/english/advisories/2006/1305 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2006/1419 - () http://www.vupen.com/english/advisories/2006/1419 -
References () http://www.xaraya.com/index.php/news/569 - Patch () http://www.xaraya.com/index.php/news/569 - Patch
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/24051 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/24051 -

14 Feb 2024, 01:17

Type Values Removed Values Added
References () http://www.maxdev.com/Article550.phtml - () http://www.maxdev.com/Article550.phtml - URL Repurposed

Information

Published : 2006-01-09 23:03

Updated : 2024-11-21 00:05


NVD link : CVE-2006-0146

Mitre link : CVE-2006-0146

CVE.ORG link : CVE-2006-0146


JSON object : View

Products Affected

mantis

  • mantis

the_cacti_group

  • cacti

postnuke_software_foundation

  • postnuke

moodle

  • moodle

john_lim

  • adodb

mediabeez

  • mediabeez
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')