CVE-2006-0146 Information

Description

The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.

Reference

http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html
http://secunia.com/advisories/17418
http://secunia.com/advisories/18233
http://secunia.com/advisories/18254
http://secunia.com/advisories/18260
http://secunia.com/advisories/18267
http://secunia.com/advisories/18276
http://secunia.com/advisories/18720
http://secunia.com/advisories/19555
http://secunia.com/advisories/19563
http://secunia.com/advisories/19590
http://secunia.com/advisories/19591
http://secunia.com/advisories/19600
http://secunia.com/advisories/19691
http://secunia.com/advisories/19699
http://secunia.com/advisories/24954
http://secunia.com/secunia_research/2005-64/advisory/
http://securityreason.com/securityalert/713
http://www.debian.org/security/2006/dsa-1029
http://www.debian.org/security/2006/dsa-1030
http://www.debian.org/security/2006/dsa-1031
http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml
http://www.maxdev.com/Article550.phtml
http://www.osvdb.org/22290
http://www.securityfocus.com/archive/1/423784/100/0/threaded
http://www.securityfocus.com/archive/1/430448/100/0/threaded
http://www.securityfocus.com/archive/1/466171/100/0/threaded
http://www.securityfocus.com/bid/16187
http://www.vupen.com/english/advisories/2006/0101
http://www.vupen.com/english/advisories/2006/0102
http://www.vupen.com/english/advisories/2006/0103
http://www.vupen.com/english/advisories/2006/0104
http://www.vupen.com/english/advisories/2006/0105
http://www.vupen.com/english/advisories/2006/0370
http://www.vupen.com/english/advisories/2006/0447
http://www.vupen.com/english/advisories/2006/1304
http://www.vupen.com/english/advisories/2006/1305
http://www.vupen.com/english/advisories/2006/1419
http://www.xaraya.com/index.php/news/569
https://exchange.xforce.ibmcloud.com/vulnerabilities/24051
