CVE-2006-4976 Information

Feb 14, 2021 cve

Description

The Date Library in John Lim ADOdb Library for PHP allows remote attackers to obtain sensitive information via a direct request for (1) server.php (2) adodb-errorpear.inc.php (3) adodb-iterator.inc.php (4) adodb-pear.inc.php (5) adodb-perf.inc.php (6) adodb-xmlschema.inc.php and (7) adodb.inc.php; files in datadict including (8) datadict-access.inc.php (9) datadict-db2.inc.php (10) datadict-generic.inc.php (11) datadict-ibase.inc.php (12) datadict-informix.inc.php (13) datadict-mssql.inc.php (14) datadict-mysql.inc.php (15) datadict-oci8.inc.php (16) datadict-postgres.inc.php and (17) datadict-sybase.inc.php; files in drivers/ including (18) adodb-access.inc.php (19) adodb-ado.inc.php (20) adodb-ado_access.inc.php (21) adodb-ado_mssql.inc.php (22) adodb-borland_ibase.inc.php (23) adodb-csv.inc.php (24) adodb-db2.inc.php (25) adodb-fbsql.inc.php (26) adodb-firebird.inc.php (27) adodb-ibase.inc.php (28) adodb-informix.inc.php (29) adodb-informix72.inc.php (30) adodb-mssql.inc.php (31) adodb-mssqlpo.inc.php (32) adodb-mysql.inc.php (33) adodb-mysqli.inc.php (34) adodb-mysqlt.inc.php (35) adodb-oci8.inc.php (36) adodb-oci805.inc.php (37) adodb-oci8po.inc.php (38) adodb-odbc.inc.php (39) adodb-odbc_mssql.inc.php (40) adodb-odbc_oracle.inc.php (41) adodb-oracle.inc.php (42) adodb-postgres64.inc.php (43) adodb-postgres7.inc.php (44) adodb-proxy.inc.php (45) adodb-sapdb.inc.php (46) adodb-sqlanywhere.inc.php (47) adodb-sqlite.inc.php (48) adodb-sybase.inc.php (49) adodb-vfp.inc.php; file in perf/ including (50) perf-db2.inc.php (51) perf-informix.inc.php (52) perf-mssql.inc.php (53) perf-mysql.inc.php (54) perf-oci8.inc.php (55) perf-postgres.inc.php; tests/ files (56) benchmark.php (57) client.php (58) test-datadict.php (59) test-perf.php (60) test-pgblob.php (61) test-php5.php (62) test-xmlschema.php (63) test.php (64) test2.php (65) test3.php (66) test4.php (67) test5.php (68) test_rs_array.php (69) testcache.php (70) testdatabases.inc.php (71) testgenid.php (72) testmssql.php (73) testoci8.php (74) testoci8cursor.php (75) testpaging.php (76) testpear.php (77) testsessions.php (78) time.php or (79) tmssql.php which reveals the path in various error messages.

Reference

http://securityreason.com/securityalert/1629 http://www.securityfocus.com/archive/1/445995/100/100/threaded

Share on: