{"api_version":"1","generated_at":"2026-04-10T06:16:48+00:00","cve":"CVE-2006-0147","urls":{"html":"https://cve.report/CVE-2006-0147","api":"https://cve.report/api/cve/CVE-2006-0147.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2006-0147","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2006-0147"},"summary":{"title":"CVE-2006-0147","description":"Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2006-01-09 23:03:00","updated_at":"2018-10-19 15:42:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"http://secunia.com/advisories/18267","name":"18267","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Secunia - Advisories - Moodle ADOdb Insecure Test Scripts Security Issues","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/19600","name":"19600","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"PHPOpenChat ADOdb Insecure Test Scripts Security Issues - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/19590","name":"19590","refsource":"SECUNIA","tags":["Patch","Vendor Advisory"],"title":"Debian update for cacti - Secunia Advisories - Vulnerability Intelligence - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/24052","name":"adodb-tmssql-command-execution(24052)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.debian.org/security/2006/dsa-1029","name":"DSA-1029","refsource":"DEBIAN","tags":["Patch","Vendor Advisory"],"title":"Debian -- Security Information -- DSA-1029-1 libphp-adodb","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/430448/100/0/threaded","name":"20060409 PhpOpenChat 3.0.x ADODB Server.php \"sql\" SQL injection","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://retrogod.altervista.org/simplog_092_incl_xpl.html","name":"http://retrogod.altervista.org/simplog_092_incl_xpl.html","refsource":"MISC","tags":["Exploit"],"title":"Error 404 :(","mime":"text/plain","httpstatus":"404","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2006/0101","name":"ADV-2006-0101","refsource":"VUPEN","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/19591","name":"19591","refsource":"SECUNIA","tags":["Patch","Vendor Advisory"],"title":"Debian update for moodle - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/18254","name":"18254","refsource":"SECUNIA","tags":["Patch","Vendor Advisory"],"title":"Secunia - Advisories - Mantis ADOdb Insecure Test Scripts Security Issues","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2006/1332","name":"ADV-2006-1332","refsource":"VUPEN","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.osvdb.org/22291","name":"22291","refsource":"OSVDB","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://secunia.com/secunia_research/2005-64/advisory/","name":"http://secunia.com/secunia_research/2005-64/advisory/","refsource":"MISC","tags":["Exploit","Patch","Vendor Advisory"],"title":"Vulnerability and Virus Information - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.debian.org/security/2006/dsa-1031","name":"DSA-1031","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-1031-1 cacti","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/18233","name":"18233","refsource":"SECUNIA","tags":["Patch","Vendor Advisory"],"title":"Xaraya ADOdb Insecure Test Scripts Security Issues - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/19628","name":"19628","refsource":"SECUNIA","tags":["Patch","Vendor Advisory"],"title":"Simplog Multiple Vulnerabilities and Security Issues - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2006/0103","name":"ADV-2006-0103","refsource":"VUPEN","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html","name":"http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html","refsource":"MISC","tags":["Exploit"],"title":"Error 404 :(","mime":"text/plain","httpstatus":"404","archivestatus":"200"},{"url":"http://secunia.com/advisories/19691","name":"19691","refsource":"SECUNIA","tags":[],"title":"Secunia - Advisories - Gentoo update for cacti","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2006/0104","name":"ADV-2006-0104","refsource":"VUPEN","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/19555","name":"19555","refsource":"SECUNIA","tags":["Patch","Vendor Advisory"],"title":"Debian update for libphp-adodb - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml","name":"GLSA-200604-07","refsource":"GENTOO","tags":["Patch","Vendor Advisory"],"title":"Gentoo Linux Documentation\n--\n  Cacti: Multiple vulnerabilities in included ADOdb","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/18276","name":"18276","refsource":"SECUNIA","tags":["Patch","Vendor Advisory"],"title":"Cacti ADOdb \"server.php\" Insecure Test Script Security Issue - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2006/1305","name":"ADV-2006-1305","refsource":"VUPEN","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.exploit-db.com/exploits/1663","name":"1663","refsource":"EXPLOIT-DB","tags":[],"title":"Simplog <= 0.9.2 (s) Remote Commands Execution Exploit","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/17418","name":"17418","refsource":"SECUNIA","tags":["Exploit","Patch","Vendor Advisory"],"title":"ADOdb Insecure Test Scripts Security Issues - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/18260","name":"18260","refsource":"SECUNIA","tags":["Patch","Vendor Advisory"],"title":"PostNuke ADOdb \"server.php\" Insecure Test Script Security Issue - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.debian.org/security/2006/dsa-1030","name":"DSA-1030","refsource":"DEBIAN","tags":["Patch","Vendor Advisory"],"title":"Debian -- Security Information -- DSA-1030-1 moodle","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2006/0102","name":"ADV-2006-0102","refsource":"VUPEN","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/430743/100/0/threaded","name":"20060412 Simplog <=0.9.2 multiple vulnerabilities","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2006-0147","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-0147","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2006","cve_id":"147","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"john_lim","cpe5":"adodb","cpe6":"4.66","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"147","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"john_lim","cpe5":"adodb","cpe6":"4.68","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"147","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"john_lim","cpe5":"adodb","cpe6":"4.66","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"147","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"john_lim","cpe5":"adodb","cpe6":"4.68","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"147","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mantis","cpe5":"mantis","cpe6":"0.19.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"147","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mantis","cpe5":"mantis","cpe6":"1.0.0_rc4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"147","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mantis","cpe5":"mantis","cpe6":"0.19.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"147","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mantis","cpe5":"mantis","cpe6":"1.0.0_rc4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"147","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"moodle","cpe5":"moodle","cpe6":"1.5.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"147","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"moodle","cpe5":"moodle","cpe6":"1.5.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"147","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"postnuke_software_foundation","cpe5":"postnuke","cpe6":"0.761","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"147","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"postnuke_software_foundation","cpe5":"postnuke","cpe6":"0.761","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"147","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"the_cacti_group","cpe5":"cacti","cpe6":"0.8.6g","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"147","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"the_cacti_group","cpe5":"cacti","cpe6":"0.8.6g","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2006-0147","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"19590","refsource":"SECUNIA","url":"http://secunia.com/advisories/19590"},{"name":"18267","refsource":"SECUNIA","url":"http://secunia.com/advisories/18267"},{"name":"18254","refsource":"SECUNIA","url":"http://secunia.com/advisories/18254"},{"name":"19555","refsource":"SECUNIA","url":"http://secunia.com/advisories/19555"},{"name":"DSA-1029","refsource":"DEBIAN","url":"http://www.debian.org/security/2006/dsa-1029"},{"name":"adodb-tmssql-command-execution(24052)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/24052"},{"name":"19628","refsource":"SECUNIA","url":"http://secunia.com/advisories/19628"},{"name":"20060409 PhpOpenChat 3.0.x ADODB Server.php \"sql\" SQL injection","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/430448/100/0/threaded"},{"name":"DSA-1030","refsource":"DEBIAN","url":"http://www.debian.org/security/2006/dsa-1030"},{"name":"ADV-2006-1305","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/1305"},{"name":"18276","refsource":"SECUNIA","url":"http://secunia.com/advisories/18276"},{"name":"19600","refsource":"SECUNIA","url":"http://secunia.com/advisories/19600"},{"name":"1663","refsource":"EXPLOIT-DB","url":"https://www.exploit-db.com/exploits/1663"},{"name":"ADV-2006-0103","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/0103"},{"name":"http://secunia.com/secunia_research/2005-64/advisory/","refsource":"MISC","url":"http://secunia.com/secunia_research/2005-64/advisory/"},{"name":"20060412 Simplog <=0.9.2 multiple vulnerabilities","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/430743/100/0/threaded"},{"name":"19591","refsource":"SECUNIA","url":"http://secunia.com/advisories/19591"},{"name":"17418","refsource":"SECUNIA","url":"http://secunia.com/advisories/17418"},{"name":"19691","refsource":"SECUNIA","url":"http://secunia.com/advisories/19691"},{"name":"ADV-2006-0102","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/0102"},{"name":"ADV-2006-0101","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/0101"},{"name":"18233","refsource":"SECUNIA","url":"http://secunia.com/advisories/18233"},{"name":"http://retrogod.altervista.org/simplog_092_incl_xpl.html","refsource":"MISC","url":"http://retrogod.altervista.org/simplog_092_incl_xpl.html"},{"name":"ADV-2006-1332","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/1332"},{"name":"22291","refsource":"OSVDB","url":"http://www.osvdb.org/22291"},{"name":"DSA-1031","refsource":"DEBIAN","url":"http://www.debian.org/security/2006/dsa-1031"},{"name":"http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html","refsource":"MISC","url":"http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html"},{"name":"ADV-2006-0104","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/0104"},{"name":"18260","refsource":"SECUNIA","url":"http://secunia.com/advisories/18260"},{"name":"GLSA-200604-07","refsource":"GENTOO","url":"http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"}]}},"nvd":{"publishedDate":"2006-01-09 23:03:00","lastModifiedDate":"2018-10-19 15:42:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":true,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:postnuke_software_foundation:postnuke:0.761:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:john_lim:adodb:4.66:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:the_cacti_group:cacti:0.8.6g:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mantis:mantis:1.0.0_rc4:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:john_lim:adodb:4.68:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:moodle:moodle:1.5.3:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2006","CveId":"147","Ordinal":"15268","Title":"CVE-2006-0147","CVE":"CVE-2006-0147","Year":"2006"},"notes":[{"CveYear":"2006","CveId":"147","Ordinal":"1","NoteData":"Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo.","Type":"Description","Title":null},{"CveYear":"2006","CveId":"147","Ordinal":"2","NoteData":"2006-01-09","Type":"Other","Title":"Published"},{"CveYear":"2006","CveId":"147","Ordinal":"3","NoteData":"2018-10-19","Type":"Other","Title":"Modified"}]}}}