7.5

CVE-2006-0147

Exploit

EPSS 21.17%
Veröffentlicht 09.01.2006 23:03:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 33

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

John Lim ≫ Adodb Version4.66

John Lim ≫ Adodb Version4.68

Mantis ≫ Mantis Version0.19.4

Mantis ≫ Mantis Version1.0.0_rc4

Moodle ≫ Moodle Version1.5.3

Postnuke Software Foundation ≫ Postnuke Version0.761

The Cacti Group ≫ Cacti Version0.8.6g

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	21.17%	0.951

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html

Exploit

http://secunia.com/advisories/17418

Patch

Vendor Advisory

Exploit

http://secunia.com/advisories/18233

Patch

Vendor Advisory

http://secunia.com/advisories/18254

Patch

Vendor Advisory

http://secunia.com/advisories/18260

Patch

Vendor Advisory

http://secunia.com/advisories/18267

Vendor Advisory

http://secunia.com/advisories/18276

Patch

Vendor Advisory

http://secunia.com/advisories/19555

Patch

Vendor Advisory

http://secunia.com/advisories/19590

Patch

Vendor Advisory

http://secunia.com/advisories/19591

Patch

Vendor Advisory

http://secunia.com/advisories/19600

Vendor Advisory

http://secunia.com/advisories/19691

http://secunia.com/secunia_research/2005-64/advisory/

Patch

Vendor Advisory

Exploit

http://www.debian.org/security/2006/dsa-1029

Patch

Vendor Advisory

http://www.debian.org/security/2006/dsa-1030

Patch

Vendor Advisory

http://www.debian.org/security/2006/dsa-1031

http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml

Patch

Vendor Advisory

http://www.securityfocus.com/archive/1/430448/100/0/threaded

http://www.vupen.com/english/advisories/2006/0101

http://www.vupen.com/english/advisories/2006/0102

http://www.vupen.com/english/advisories/2006/0103

http://www.vupen.com/english/advisories/2006/0104

http://www.vupen.com/english/advisories/2006/1305

http://retrogod.altervista.org/simplog_092_incl_xpl.html

Exploit

http://secunia.com/advisories/19628

Patch

Vendor Advisory

http://www.osvdb.org/22291

http://www.securityfocus.com/archive/1/430743/100/0/threaded

http://www.vupen.com/english/advisories/2006/1332

https://exchange.xforce.ibmcloud.com/vulnerabilities/24052

https://www.exploit-db.com/exploits/1663

https://nvd.nist.gov/vuln/detail/CVE-2006-0147

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-0147

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-0147

EUVD