{"api_version":"1","generated_at":"2026-04-10T06:16:48+00:00","cve":"CVE-2006-0146","urls":{"html":"https://cve.report/CVE-2006-0146","api":"https://cve.report/api/cve/CVE-2006-0146.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2006-0146","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2006-0146"},"summary":{"title":"CVE-2006-0146","description":"The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2006-01-09 23:03:00","updated_at":"2018-10-19 15:42:00"},"problem_types":["CWE-89"],"metrics":[],"references":[{"url":"http://secunia.com/advisories/18267","name":"18267","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Secunia - Advisories - Moodle ADOdb Insecure Test Scripts Security Issues","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/18720","name":"18720","refsource":"SECUNIA","tags":["Patch","Vendor Advisory"],"title":"AgileBill ADOdb server.php Insecure Test Script Security Issue - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/19600","name":"19600","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"PHPOpenChat ADOdb Insecure Test Scripts Security Issues - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/19590","name":"19590","refsource":"SECUNIA","tags":["Patch","Vendor Advisory"],"title":"Debian update for cacti - Secunia Advisories - Vulnerability Intelligence - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2006/0447","name":"ADV-2006-0447","refsource":"VUPEN","tags":["Vendor Advisory"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.debian.org/security/2006/dsa-1029","name":"DSA-1029","refsource":"DEBIAN","tags":["Patch","Vendor Advisory"],"title":"Debian -- Security Information -- DSA-1029-1 libphp-adodb","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/24051","name":"adodb-server-command-execution(24051)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/430448/100/0/threaded","name":"20060409 PhpOpenChat 3.0.x ADODB Server.php \"sql\" SQL injection","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/16187","name":"16187","refsource":"BID","tags":["Exploit","Patch"],"title":"ADOdb Server.PHP SQL Injection Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.vupen.com/english/advisories/2006/0101","name":"ADV-2006-0101","refsource":"VUPEN","tags":["Vendor Advisory"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.maxdev.com/Article550.phtml","name":"http://www.maxdev.com/Article550.phtml","refsource":"CONFIRM","tags":[],"title":"Arbitrary SQL code execution via adodb :: MAXdev :: MDPro, the most easy to use and feature rich GPL Content Management System.","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/19591","name":"19591","refsource":"SECUNIA","tags":["Patch","Vendor Advisory"],"title":"Debian update for moodle - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securityreason.com/securityalert/713","name":"713","refsource":"SREASON","tags":[],"title":"SecurityReason - Cacti: Multiple vulnerabilities in included ADOdb","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2006/1419","name":"ADV-2006-1419","refsource":"VUPEN","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/18254","name":"18254","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Secunia - Advisories - Mantis ADOdb Insecure Test Scripts Security Issues","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/secunia_research/2005-64/advisory/","name":"http://secunia.com/secunia_research/2005-64/advisory/","refsource":"MISC","tags":["Exploit","Patch","Vendor Advisory"],"title":"Vulnerability and Virus Information - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.debian.org/security/2006/dsa-1031","name":"DSA-1031","refsource":"DEBIAN","tags":["Patch","Vendor Advisory"],"title":"Debian -- Security Information -- DSA-1031-1 cacti","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/18233","name":"18233","refsource":"SECUNIA","tags":["Patch","Vendor Advisory"],"title":"Xaraya ADOdb Insecure Test Scripts Security Issues - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/19699","name":"19699","refsource":"SECUNIA","tags":["Patch","Vendor Advisory"],"title":"LifeType ADOdb \"server.php\" Insecure Test Script Security Issue - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2006/1304","name":"ADV-2006-1304","refsource":"VUPEN","tags":["Vendor Advisory"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2006/0370","name":"ADV-2006-0370","refsource":"VUPEN","tags":["Vendor Advisory"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2006/0103","name":"ADV-2006-0103","refsource":"VUPEN","tags":["Vendor Advisory"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html","name":"http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html","refsource":"MISC","tags":["Exploit"],"title":"Error 404 :(","mime":"text/plain","httpstatus":"404","archivestatus":"200"},{"url":"http://secunia.com/advisories/19691","name":"19691","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Secunia - Advisories - Gentoo update for cacti","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/466171/100/0/threaded","name":"20070418 MediaBeez Sql query Execution .. Wear isn't ?? :)","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/19563","name":"19563","refsource":"SECUNIA","tags":["Patch","Vendor Advisory"],"title":"MAXdev MD-Pro ADOdb \"server.php\" Insecure Test Script Security Issue - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2006/0104","name":"ADV-2006-0104","refsource":"VUPEN","tags":["Vendor Advisory"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.osvdb.org/22290","name":"22290","refsource":"OSVDB","tags":["Exploit","Patch"],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://secunia.com/advisories/19555","name":"19555","refsource":"SECUNIA","tags":["Patch","Vendor Advisory"],"title":"Debian update for libphp-adodb - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml","name":"GLSA-200604-07","refsource":"GENTOO","tags":["Patch","Vendor Advisory"],"title":"Gentoo Linux Documentation\n--\n  Cacti: Multiple vulnerabilities in included ADOdb","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/423784/100/0/threaded","name":"20060202 Bug for libs in php link directory 2.0","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/18276","name":"18276","refsource":"SECUNIA","tags":["Patch","Vendor Advisory"],"title":"Cacti ADOdb \"server.php\" Insecure Test Script Security Issue - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2006/0105","name":"ADV-2006-0105","refsource":"VUPEN","tags":["Vendor Advisory"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/24954","name":"24954","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"MediaBeez \"server.php\" SQL Execution Vulnerability - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2006/1305","name":"ADV-2006-1305","refsource":"VUPEN","tags":["Vendor Advisory"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/17418","name":"17418","refsource":"SECUNIA","tags":["Exploit","Patch","Vendor Advisory"],"title":"ADOdb Insecure Test Scripts Security Issues - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/18260","name":"18260","refsource":"SECUNIA","tags":["Patch","Vendor Advisory"],"title":"PostNuke ADOdb \"server.php\" Insecure Test Script Security Issue - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.xaraya.com/index.php/news/569","name":"http://www.xaraya.com/index.php/news/569","refsource":"CONFIRM","tags":["Patch"],"title":"Xaraya :: Xaraya 1.0.2 Security Release","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.debian.org/security/2006/dsa-1030","name":"DSA-1030","refsource":"DEBIAN","tags":["Patch","Vendor Advisory"],"title":"Debian -- Security Information -- DSA-1030-1 moodle","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2006/0102","name":"ADV-2006-0102","refsource":"VUPEN","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2006-0146","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-0146","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2006","cve_id":"146","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"john_lim","cpe5":"adodb","cpe6":"4.66","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"146","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"john_lim","cpe5":"adodb","cpe6":"4.68","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"146","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"john_lim","cpe5":"adodb","cpe6":"4.66","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"146","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"john_lim","cpe5":"adodb","cpe6":"4.68","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"146","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mantis","cpe5":"mantis","cpe6":"0.19.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"146","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mantis","cpe5":"mantis","cpe6":"1.0.0_rc4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"146","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mantis","cpe5":"mantis","cpe6":"0.19.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"146","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mantis","cpe5":"mantis","cpe6":"1.0.0_rc4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"146","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mediabeez","cpe5":"mediabeez","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"146","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mediabeez","cpe5":"mediabeez","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"146","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"moodle","cpe5":"moodle","cpe6":"1.5.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"146","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"moodle","cpe5":"moodle","cpe6":"1.5.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"146","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"postnuke_software_foundation","cpe5":"postnuke","cpe6":"0.761","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"146","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"postnuke_software_foundation","cpe5":"postnuke","cpe6":"0.761","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"146","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"the_cacti_group","cpe5":"cacti","cpe6":"0.8.6g","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"146","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"the_cacti_group","cpe5":"cacti","cpe6":"0.8.6g","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2006-0146","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"19590","refsource":"SECUNIA","url":"http://secunia.com/advisories/19590"},{"name":"18267","refsource":"SECUNIA","url":"http://secunia.com/advisories/18267"},{"name":"18254","refsource":"SECUNIA","url":"http://secunia.com/advisories/18254"},{"name":"19555","refsource":"SECUNIA","url":"http://secunia.com/advisories/19555"},{"name":"DSA-1029","refsource":"DEBIAN","url":"http://www.debian.org/security/2006/dsa-1029"},{"name":"20060409 PhpOpenChat 3.0.x ADODB Server.php \"sql\" SQL injection","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/430448/100/0/threaded"},{"name":"http://www.maxdev.com/Article550.phtml","refsource":"CONFIRM","url":"http://www.maxdev.com/Article550.phtml"},{"name":"ADV-2006-0105","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/0105"},{"name":"19699","refsource":"SECUNIA","url":"http://secunia.com/advisories/19699"},{"name":"DSA-1030","refsource":"DEBIAN","url":"http://www.debian.org/security/2006/dsa-1030"},{"name":"ADV-2006-1305","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/1305"},{"name":"24954","refsource":"SECUNIA","url":"http://secunia.com/advisories/24954"},{"name":"18276","refsource":"SECUNIA","url":"http://secunia.com/advisories/18276"},{"name":"713","refsource":"SREASON","url":"http://securityreason.com/securityalert/713"},{"name":"ADV-2006-1304","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/1304"},{"name":"19600","refsource":"SECUNIA","url":"http://secunia.com/advisories/19600"},{"name":"20070418 MediaBeez Sql query Execution .. Wear isn't ?? :)","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/466171/100/0/threaded"},{"name":"ADV-2006-0103","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/0103"},{"name":"http://secunia.com/secunia_research/2005-64/advisory/","refsource":"MISC","url":"http://secunia.com/secunia_research/2005-64/advisory/"},{"name":"16187","refsource":"BID","url":"http://www.securityfocus.com/bid/16187"},{"name":"18720","refsource":"SECUNIA","url":"http://secunia.com/advisories/18720"},{"name":"ADV-2006-1419","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/1419"},{"name":"19591","refsource":"SECUNIA","url":"http://secunia.com/advisories/19591"},{"name":"ADV-2006-0447","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/0447"},{"name":"adodb-server-command-execution(24051)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/24051"},{"name":"17418","refsource":"SECUNIA","url":"http://secunia.com/advisories/17418"},{"name":"http://www.xaraya.com/index.php/news/569","refsource":"CONFIRM","url":"http://www.xaraya.com/index.php/news/569"},{"name":"19691","refsource":"SECUNIA","url":"http://secunia.com/advisories/19691"},{"name":"ADV-2006-0102","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/0102"},{"name":"ADV-2006-0101","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/0101"},{"name":"18233","refsource":"SECUNIA","url":"http://secunia.com/advisories/18233"},{"name":"22290","refsource":"OSVDB","url":"http://www.osvdb.org/22290"},{"name":"ADV-2006-0370","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/0370"},{"name":"DSA-1031","refsource":"DEBIAN","url":"http://www.debian.org/security/2006/dsa-1031"},{"name":"http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html","refsource":"MISC","url":"http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html"},{"name":"20060202 Bug for libs in php link directory 2.0","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/423784/100/0/threaded"},{"name":"ADV-2006-0104","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/0104"},{"name":"18260","refsource":"SECUNIA","url":"http://secunia.com/advisories/18260"},{"name":"GLSA-200604-07","refsource":"GENTOO","url":"http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"},{"name":"19563","refsource":"SECUNIA","url":"http://secunia.com/advisories/19563"}]}},"nvd":{"publishedDate":"2006-01-09 23:03:00","lastModifiedDate":"2018-10-19 15:42:00","problem_types":["CWE-89"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":true,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:postnuke_software_foundation:postnuke:0.761:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:john_lim:adodb:4.66:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:the_cacti_group:cacti:0.8.6g:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mantis:mantis:1.0.0_rc4:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:john_lim:adodb:4.68:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:moodle:moodle:1.5.3:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mediabeez:mediabeez:*:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2006","CveId":"146","Ordinal":"15267","Title":"CVE-2006-0146","CVE":"CVE-2006-0146","Year":"2006"},"notes":[{"CveYear":"2006","CveId":"146","Ordinal":"1","NoteData":"The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.","Type":"Description","Title":null},{"CveYear":"2006","CveId":"146","Ordinal":"2","NoteData":"2006-01-09","Type":"Other","Title":"Published"},{"CveYear":"2006","CveId":"146","Ordinal":"3","NoteData":"2018-10-19","Type":"Other","Title":"Modified"}]}}}