CVE-2006-0146
Date: (C)2006-01-09   (M)2024-02-22


The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
BID-16187
SECUNIA-17418
SECUNIA-18233
SECUNIA-18254
SECUNIA-18260
SECUNIA-18267
SECUNIA-18276
SECUNIA-18720
SECUNIA-19555
SECUNIA-19563
SECUNIA-19590
SECUNIA-19591
SECUNIA-19600
SECUNIA-19691
SECUNIA-19699
http://www.securityfocus.com/archive/1/423784/100/0/threaded
http://www.securityfocus.com/archive/1/430448/100/0/threaded
http://www.securityfocus.com/archive/1/466171/100/0/threaded
OSVDB-22290
SECUNIA-24954
SREASON-713
ADV-2006-0101
ADV-2006-0102
ADV-2006-0103
ADV-2006-0104
ADV-2006-0105
ADV-2006-0370
ADV-2006-0447
ADV-2006-1304
ADV-2006-1305
ADV-2006-1419
DSA-1029
DSA-1030
DSA-1031
GLSA-200604-07
adodb-server-command-execution(24051)
http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html
http://secunia.com/secunia_research/2005-64/advisory/
http://www.maxdev.com/Article550.phtml
http://www.xaraya.com/index.php/news/569

CWE    1
CWE-89

© SecPod Technologies