Vulnerability CVE-2006-0146


Published: 2006-01-09   Modified: 2012-02-12

Description:
The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.

See advisories in our WLB2 database:
Risk: Med.
Topic: Cacti: Multiple vulnerabilities in included ADOdb
Author: Thierry Carrez (...
Date: 15.04.2006

Type: CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software:
The cacti group -> Cacti 
Postnuke software foundation -> Postnuke 
Moodle -> Moodle 
Mediabeez -> Mediabeez 
Mantis -> Mantis 
John lim -> Adodb 

References:
http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html
http://securityreason.com/securityalert/713
http://www.debian.org/security/2006/dsa-1029
http://www.debian.org/security/2006/dsa-1030
http://www.debian.org/security/2006/dsa-1031
http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml
http://www.maxdev.com/Article550.phtml
http://www.securityfocus.com/archive/1/423784/100/0/threaded
http://www.securityfocus.com/archive/1/430448/100/0/threaded
http://www.securityfocus.com/archive/1/466171/100/0/threaded
http://www.securityfocus.com/bid/16187
http://www.vupen.com/english/advisories/2006/0101
http://www.vupen.com/english/advisories/2006/0102
http://www.vupen.com/english/advisories/2006/0103
http://www.vupen.com/english/advisories/2006/0104
http://www.vupen.com/english/advisories/2006/0105
http://www.vupen.com/english/advisories/2006/0370
http://www.vupen.com/english/advisories/2006/0447
http://www.vupen.com/english/advisories/2006/1304
http://www.vupen.com/english/advisories/2006/1305
http://www.vupen.com/english/advisories/2006/1419
http://www.xaraya.com/index.php/news/569
https://exchange.xforce.ibmcloud.com/vulnerabilities/24051

Copyright 2024, cxsecurity.com
