
CVE-2006-0146

Date: (C)2006-01-09   (M)2017-07-21 


The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.

CVSS Score: 7.5
Exploit Score: 10.0
Impact Score: 6.4
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL





Reference:
BID-16187
SECUNIA-17418
SECUNIA-18233
SECUNIA-18254
SECUNIA-18260
SECUNIA-18267
SECUNIA-18276
SECUNIA-18720
SECUNIA-19555
SECUNIA-19563
SECUNIA-19590
SECUNIA-19591
SECUNIA-19600
SECUNIA-19691
SECUNIA-19699
http://www.securityfocus.com/archive/1/archive/1/423784/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/430448/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/466171/100/0/threaded
OSVDB-22290
SECUNIA-24954
SREASON-713
ADV-2006-0101
ADV-2006-0102
ADV-2006-0103
ADV-2006-0104
ADV-2006-0105
ADV-2006-0370
ADV-2006-0447
ADV-2006-1304
ADV-2006-1305
ADV-2006-1419
DSA-1029
DSA-1030
DSA-1031
GLSA-200604-07
adodb-server-command-execution(24051)
http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html
http://secunia.com/secunia_research/2005-64/advisory/
http://www.maxdev.com/Article550.phtml
http://www.xaraya.com/index.php/news/569

CPE    1
cpe:/a:moodle:moodle:1.5.3
CWE    1
CWE-89

© 2013 SecPod Technologies