CVE-2006-0147
Summary
| CVE | CVE-2006-0147 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2006-01-09 23:03:00 UTC |
| Updated | 2018-10-19 15:42:00 UTC |
| Description | Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | John Lim | Adodb | 4.66 | All | All | All |
| Application | John Lim | Adodb | 4.68 | All | All | All |
| Application | Mantis | Mantis | 0.19.4 | All | All | All |
| Application | Mantis | Mantis | 1.0.0_rc4 | All | All | All |
| Application | Moodle | Moodle | 1.5.3 | All | All | All |
| Application | Postnuke Software Foundation | Postnuke | 0.761 | All | All | All |
| Application | The Cacti Group | Cacti | 0.8.6g | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Secunia - Advisories - Moodle ADOdb Insecure Test Scripts Security Issues | SECUNIA | secunia.com | Vendor Advisory |
| PHPOpenChat ADOdb Insecure Test Scripts Security Issues - Advisories - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| Debian update for cacti - Secunia Advisories - Vulnerability Intelligence - Secunia.com | SECUNIA | secunia.com | Patch, Vendor Advisory |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Debian -- Security Information -- DSA-1029-1 libphp-adodb | DEBIAN | www.debian.org | Patch, Vendor Advisory |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| Error 404 :( | MISC | retrogod.altervista.org | Exploit |
| Webmail: Professional email solution - OVHcloud - OVH | VUPEN | www.vupen.com | |
| Debian update for moodle - Advisories - Secunia | SECUNIA | secunia.com | Patch, Vendor Advisory |
| Secunia - Advisories - Mantis ADOdb Insecure Test Scripts Security Issues | SECUNIA | secunia.com | Patch, Vendor Advisory |
| 22291 | OSVDB | www.osvdb.org | |
| Vulnerability and Virus Information - Secunia | MISC | secunia.com | Exploit, Patch, Vendor Advisory |
| Debian -- Security Information -- DSA-1031-1 cacti | DEBIAN | www.debian.org | |
| Xaraya ADOdb Insecure Test Scripts Security Issues - Advisories - Secunia | SECUNIA | secunia.com | Patch, Vendor Advisory |
| Simplog Multiple Vulnerabilities and Security Issues - Advisories - Secunia | SECUNIA | secunia.com | Patch, Vendor Advisory |
| Secunia - Advisories - Gentoo update for cacti | SECUNIA | secunia.com | |
| Debian update for libphp-adodb - Advisories - Secunia | SECUNIA | secunia.com | Patch, Vendor Advisory |
| Gentoo Linux Documentation -- Cacti: Multiple vulnerabilities in included ADOdb | GENTOO | www.gentoo.org | Patch, Vendor Advisory |
| Cacti ADOdb "server.php" Insecure Test Script Security Issue - Advisories - Secunia | SECUNIA | secunia.com | Patch, Vendor Advisory |
| Simplog <= 0.9.2 (s) Remote Commands Execution Exploit | EXPLOIT-DB | www.exploit-db.com | |
| ADOdb Insecure Test Scripts Security Issues - Advisories - Secunia | SECUNIA | secunia.com | Exploit, Patch, Vendor Advisory |
| PostNuke ADOdb "server.php" Insecure Test Script Security Issue - Advisories - Secunia | SECUNIA | secunia.com | Patch, Vendor Advisory |
| Debian -- Security Information -- DSA-1030-1 moodle | DEBIAN | www.debian.org | Patch, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.