Vulnerability Description
The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| John Lim | Adodb | 4.66 |
| Mantis | Mantis | 0.19.4 |
| Mediabeez | Mediabeez | All versions |
| Moodle | Moodle | 1.5.3 |
| Postnuke Software Foundation | Postnuke | 0.761 |
| The Cacti Group | Cacti | 0.8.6g |
Related Weaknesses (CWE)
References
- http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html (Exploit)
- http://secunia.com/advisories/17418 (Exploit, Patch, Vendor Advisory)
- http://secunia.com/advisories/18233 (Patch, Vendor Advisory)
- http://secunia.com/advisories/18254 (Vendor Advisory)
- http://secunia.com/advisories/18260 (Patch, Vendor Advisory)
- http://secunia.com/advisories/18267 (Vendor Advisory)
- http://secunia.com/advisories/18276 (Patch, Vendor Advisory)
- http://secunia.com/advisories/18720 (Patch, Vendor Advisory)
- http://secunia.com/advisories/19555 (Patch, Vendor Advisory)
- http://secunia.com/advisories/19563 (Patch, Vendor Advisory)
- http://secunia.com/advisories/19590 (Patch, Vendor Advisory)
- http://secunia.com/advisories/19591 (Patch, Vendor Advisory)
- http://secunia.com/advisories/19600 (Vendor Advisory)
- http://secunia.com/advisories/19691 (Vendor Advisory)
- http://secunia.com/advisories/19699 (Patch, Vendor Advisory)
FAQ
What is CVE-2006-0146?
CVE-2006-0146 is a vulnerability with a CVSS score of 7.5 (HIGH). The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8)...
How severe is CVE-2006-0146?
CVE-2006-0146 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-0146?
Check the references section above for vendor advisories and patch information. Affected products include: John Lim Adodb, Mantis Mantis, Mediabeez Mediabeez, Moodle Moodle, Postnuke Software Foundation Postnuke.