CVE-2006-0146
Date: (C)2006-01-09   (M)2018-02-19


The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.

CVSS V3 Severity:
CVSS Score:
Exploit Score:
Impact Score:

CVSS V3 Metrics:
Attack Vector:
Attack Complexity:
Privileges Required:
User Interaction:
Scope:
Confidentiality:
Integrity:
Availability:

CVSS V2 Severity:
CVSS Score: 7.5
Exploit Score: 10.0
Impact Score: 6.4

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL





Reference:
BID-16187
SECUNIA-17418
SECUNIA-18233
SECUNIA-18254
SECUNIA-18260
SECUNIA-18267
SECUNIA-18276
SECUNIA-18720
SECUNIA-19555
SECUNIA-19563
SECUNIA-19590
SECUNIA-19591
SECUNIA-19600
SECUNIA-19691
SECUNIA-19699
http://www.securityfocus.com/archive/1/archive/1/423784/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/430448/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/466171/100/0/threaded
OSVDB-22290
SECUNIA-24954
SREASON-713
ADV-2006-0101
ADV-2006-0102
ADV-2006-0103
ADV-2006-0104
ADV-2006-0105
ADV-2006-0370
ADV-2006-0447
ADV-2006-1304
ADV-2006-1305
ADV-2006-1419
DSA-1029
DSA-1030
DSA-1031
GLSA-200604-07
adodb-server-command-execution(24051)
http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html
http://secunia.com/secunia_research/2005-64/advisory/
http://www.maxdev.com/Article550.phtml
http://www.xaraya.com/index.php/news/569

CPE    1
cpe:/a:moodle:moodle:1.5.3
CWE    1
CWE-89

© 2013 SecPod Technologies