7.5

CVE-2006-0147

Exploit
Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
John LimAdodb Version4.66
John LimAdodb Version4.68
MantisMantis Version0.19.4
MantisMantis Version1.0.0_rc4
MoodleMoodle Version1.5.3
The Cacti GroupCacti Version0.8.6g
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 13.07% 0.959
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html
Exploit
http://secunia.com/advisories/17418
Patch
Vendor Advisory
Exploit
http://secunia.com/advisories/18233
Patch
Vendor Advisory
http://secunia.com/advisories/18254
Patch
Vendor Advisory
http://secunia.com/advisories/18260
Patch
Vendor Advisory
http://secunia.com/advisories/18267
Vendor Advisory
http://secunia.com/advisories/18276
Patch
Vendor Advisory
http://secunia.com/advisories/19555
Patch
Vendor Advisory
http://secunia.com/advisories/19590
Patch
Vendor Advisory
http://secunia.com/advisories/19591
Patch
Vendor Advisory
http://secunia.com/advisories/19600
Vendor Advisory
http://secunia.com/advisories/19691
http://secunia.com/secunia_research/2005-64/advisory/
Patch
Vendor Advisory
Exploit
http://www.debian.org/security/2006/dsa-1029
Patch
Vendor Advisory
http://www.debian.org/security/2006/dsa-1030
Patch
Vendor Advisory
http://www.debian.org/security/2006/dsa-1031
http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml
Patch
Vendor Advisory
http://www.securityfocus.com/archive/1/430448/100/0/threaded
http://www.vupen.com/english/advisories/2006/0101
http://www.vupen.com/english/advisories/2006/0102
http://www.vupen.com/english/advisories/2006/0103
http://www.vupen.com/english/advisories/2006/0104
http://www.vupen.com/english/advisories/2006/1305
http://retrogod.altervista.org/simplog_092_incl_xpl.html
Exploit
http://secunia.com/advisories/19628
Patch
Vendor Advisory
http://www.osvdb.org/22291
http://www.securityfocus.com/archive/1/430743/100/0/threaded
http://www.vupen.com/english/advisories/2006/1332
https://exchange.xforce.ibmcloud.com/vulnerabilities/24052
https://www.exploit-db.com/exploits/1663