CVE-2006-0147 Information
Description
Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo.
Reference
http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html
http://retrogod.altervista.org/simplog_092_incl_xpl.html
http://secunia.com/advisories/17418
http://secunia.com/advisories/18233
http://secunia.com/advisories/18254
http://secunia.com/advisories/18260
http://secunia.com/advisories/18267
http://secunia.com/advisories/18276
http://secunia.com/advisories/19555
http://secunia.com/advisories/19590
http://secunia.com/advisories/19591
http://secunia.com/advisories/19600
http://secunia.com/advisories/19628
http://secunia.com/advisories/19691
http://secunia.com/secunia_research/2005-64/advisory/
http://www.debian.org/security/2006/dsa-1029
http://www.debian.org/security/2006/dsa-1030
http://www.debian.org/security/2006/dsa-1031
http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml
http://www.osvdb.org/22291
http://www.securityfocus.com/archive/1/430448/100/0/threaded
http://www.securityfocus.com/archive/1/430743/100/0/threaded
http://www.vupen.com/english/advisories/2006/0101
http://www.vupen.com/english/advisories/2006/0102
http://www.vupen.com/english/advisories/2006/0103
http://www.vupen.com/english/advisories/2006/0104
http://www.vupen.com/english/advisories/2006/1305
http://www.vupen.com/english/advisories/2006/1332
https://exchange.xforce.ibmcloud.com/vulnerabilities/24052
https://www.exploit-db.com/exploits/1663