7.5

CVE-2006-0146

Exploit
The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
John LimAdodb Version4.66
John LimAdodb Version4.68
MantisMantis Version0.19.4
MantisMantis Version1.0.0_rc4
MoodleMoodle Version1.5.3
The Cacti GroupCacti Version0.8.6g
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 13.24% 0.959
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html
Exploit
http://secunia.com/advisories/17418
Patch
Vendor Advisory
Exploit
http://secunia.com/advisories/18233
Patch
Vendor Advisory
http://secunia.com/advisories/18254
Vendor Advisory
http://secunia.com/advisories/18260
Patch
Vendor Advisory
http://secunia.com/advisories/18267
Vendor Advisory
http://secunia.com/advisories/18276
Patch
Vendor Advisory
http://secunia.com/advisories/18720
Patch
Vendor Advisory
http://secunia.com/advisories/19555
Patch
Vendor Advisory
http://secunia.com/advisories/19563
Patch
Vendor Advisory
http://secunia.com/advisories/19590
Patch
Vendor Advisory
http://secunia.com/advisories/19591
Patch
Vendor Advisory
http://secunia.com/advisories/19600
Vendor Advisory
http://secunia.com/advisories/19691
Vendor Advisory
http://secunia.com/advisories/19699
Patch
Vendor Advisory
http://secunia.com/advisories/24954
Vendor Advisory
http://secunia.com/secunia_research/2005-64/advisory/
Patch
Vendor Advisory
Exploit
http://securityreason.com/securityalert/713
http://www.debian.org/security/2006/dsa-1029
Patch
Vendor Advisory
http://www.debian.org/security/2006/dsa-1030
Patch
Vendor Advisory
http://www.debian.org/security/2006/dsa-1031
Patch
Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml
Patch
Vendor Advisory
http://www.maxdev.com/Article550.phtml
URL Repurposed
http://www.osvdb.org/22290
Patch
Exploit
http://www.securityfocus.com/archive/1/423784/100/0/threaded
http://www.securityfocus.com/archive/1/430448/100/0/threaded
http://www.securityfocus.com/archive/1/466171/100/0/threaded
http://www.securityfocus.com/bid/16187
Patch
Exploit
http://www.vupen.com/english/advisories/2006/0101
Vendor Advisory
http://www.vupen.com/english/advisories/2006/0102
http://www.vupen.com/english/advisories/2006/0103
Vendor Advisory
http://www.vupen.com/english/advisories/2006/0104
Vendor Advisory
http://www.vupen.com/english/advisories/2006/0105
Vendor Advisory
http://www.vupen.com/english/advisories/2006/0370
Vendor Advisory
http://www.vupen.com/english/advisories/2006/0447
Vendor Advisory
http://www.vupen.com/english/advisories/2006/1304
Vendor Advisory
http://www.vupen.com/english/advisories/2006/1305
Vendor Advisory
http://www.vupen.com/english/advisories/2006/1419
http://www.xaraya.com/index.php/news/569
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/24051