CVE-2006-0146 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2006-0146
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-0146

Description: The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/24051 SREASON http://securityreason.com/securityalert/713 SAID Secunia Advisory: SA19563 Secunia Advisory: SA19555 Secunia Advisory: SA18254 Secunia Advisory: SA18267 Secunia Advisory: SA18260 Secunia Advisory: SA18276 Secunia Advisory: SA18233 Secunia Advisory: SA18720 Secunia Advisory: SA17418 Secunia Advisory: SA19590 Secunia Advisory: SA19591 Secunia Advisory: SA19600 Secunia Advisory: SA19699 Secunia Advisory: SA19691 Secunia Advisory: SA24954 OSVDB 22290 MISC http://secunia.com/secunia_research/2005-64/advisory/ http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html GENTOO http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml DEBIAN http://www.debian.org/security/2006/dsa-1030 http://www.debian.org/security/2006/dsa-1031 http://www.debian.org/security/2006/dsa-1029 CONFIRM http://www.xaraya.com/index.php/news/569 http://www.maxdev.com/Article550.phtml BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/466171/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/430448/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/423784/100/0/threaded BID 16187

Return to the previous page.