Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2006-0146

The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.

Published

2006-01-09T23:03:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-89

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	john_lim	adodb	4.66	Yes
Application	john_lim	adodb	4.68	Yes
Application	mantis	mantis	0.19.4	Yes
Application	mantis	mantis	1.0.0_rc4	Yes
Application	mediabeez	mediabeez	*	Yes
Application	moodle	moodle	1.5.3	Yes
Application	postnuke_software_foundation	postnuke	0.761	Yes
Application	the_cacti_group	cacti	0.8.6g	Yes

References

http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html Exploit ([email protected])
http://secunia.com/advisories/17418 Exploit, Patch, Vendor Advisory ([email protected])
http://secunia.com/advisories/18233 Patch, Vendor Advisory ([email protected])
http://secunia.com/advisories/18254 Vendor Advisory ([email protected])
http://secunia.com/advisories/18260 Patch, Vendor Advisory ([email protected])
http://secunia.com/advisories/18267 Vendor Advisory ([email protected])
http://secunia.com/advisories/18276 Patch, Vendor Advisory ([email protected])
http://secunia.com/advisories/18720 Patch, Vendor Advisory ([email protected])
http://secunia.com/advisories/19555 Patch, Vendor Advisory ([email protected])
http://secunia.com/advisories/19563 Patch, Vendor Advisory ([email protected])
http://secunia.com/advisories/19590 Patch, Vendor Advisory ([email protected])
http://secunia.com/advisories/19591 Patch, Vendor Advisory ([email protected])
http://secunia.com/advisories/19600 Vendor Advisory ([email protected])
http://secunia.com/advisories/19691 Vendor Advisory ([email protected])
http://secunia.com/advisories/19699 Patch, Vendor Advisory ([email protected])
http://secunia.com/advisories/24954 Vendor Advisory ([email protected])
http://secunia.com/secunia_research/2005-64/advisory/ Exploit, Patch, Vendor Advisory ([email protected])
http://securityreason.com/securityalert/713 ([email protected])
http://www.debian.org/security/2006/dsa-1029 Patch, Vendor Advisory ([email protected])
http://www.debian.org/security/2006/dsa-1030 Patch, Vendor Advisory ([email protected])
http://www.debian.org/security/2006/dsa-1031 Patch, Vendor Advisory ([email protected])
http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml Patch, Vendor Advisory ([email protected])
http://www.maxdev.com/Article550.phtml URL Repurposed ([email protected])
http://www.osvdb.org/22290 Exploit, Patch ([email protected])
http://www.securityfocus.com/archive/1/423784/100/0/threaded ([email protected])
http://www.securityfocus.com/archive/1/430448/100/0/threaded ([email protected])
http://www.securityfocus.com/archive/1/466171/100/0/threaded ([email protected])
http://www.securityfocus.com/bid/16187 Exploit, Patch ([email protected])
http://www.vupen.com/english/advisories/2006/0101 Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2006/0102 ([email protected])
http://www.vupen.com/english/advisories/2006/0103 Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2006/0104 Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2006/0105 Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2006/0370 Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2006/0447 Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2006/1304 Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2006/1305 Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2006/1419 ([email protected])
http://www.xaraya.com/index.php/news/569 Patch ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/24051 ([email protected])
http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html Exploit (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/17418 Exploit, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/18233 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/18254 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/18260 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/18267 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/18276 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/18720 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/19555 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/19563 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/19590 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/19591 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/19600 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/19691 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/19699 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24954 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/secunia_research/2005-64/advisory/ Exploit, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://securityreason.com/securityalert/713 (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2006/dsa-1029 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2006/dsa-1030 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2006/dsa-1031 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.maxdev.com/Article550.phtml URL Repurposed (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/22290 Exploit, Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/423784/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/430448/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/466171/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/16187 Exploit, Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2006/0101 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2006/0102 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2006/0103 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2006/0104 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2006/0105 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2006/0370 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2006/0447 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2006/1304 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2006/1305 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2006/1419 (af854a3a-2127-422b-91ae-364da2661108)
http://www.xaraya.com/index.php/news/569 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/24051 (af854a3a-2127-422b-91ae-364da2661108)