Vulnerability Description
Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo.
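The pattern the description names, a request parameter stored in a variable and then invoked as a function name, is PHP's "variable function" call. The following is an added illustration written for this page, not the source of ADOdb's tests/tmssql.php; the function names, the `dispatch()` helper and the sample inputs are assumptions. It shows the weak shape beside an allowlist dispatch that maps the `do` value onto a fixed set of handlers instead of calling whatever name the client sends.

```php
<?php
// Added example, not ADOdb code. The vulnerable shape (assumed, shown only as
// a comment) is a request value used directly as a callable:
//
//   $do = $_GET['do'];
//   $do();   // any function name the client supplies is executed
//
// Hardened shape: the request value is a key into a fixed map of handlers.
// A value that is not a key is rejected, so no caller-chosen name is ever
// invoked.

// Hypothetical handlers standing in for whatever a real script would offer.
function action_list(): string   { return 'listing'; }
function action_status(): string { return 'ok'; }

// Allowlist: request value => internal handler name.
const ALLOWED_ACTIONS = [
    'list'   => 'action_list',
    'status' => 'action_status',
];

// Resolve the "do" parameter against the allowlist and run the matching
// handler. Returns the handler output, or an error string for anything else.
function dispatch(array $params): string
{
    $do = $params['do'] ?? '';
    // Reject non-strings (e.g. do[]=x arrays) and any name not in the map.
    if (!is_string($do) || !array_key_exists($do, ALLOWED_ACTIONS)) {
        return 'unknown action';
    }
    $handler = ALLOWED_ACTIONS[$do];
    return $handler();
}

// Constructed sample requests for a stand-alone run.
$samples = [
    ['do' => 'status'],     // allowed
    ['do' => 'phpinfo'],    // the name used in the advisory's demonstration: rejected
    ['do' => ['x']],        // array instead of string: rejected
    [],                     // parameter absent: rejected
];

foreach ($samples as $req) {
    printf("%-22s => %s\n", json_encode($req), dispatch($req));
}
```

Two practitioner notes follow from the record itself: the affected file lives under `tests/`, so a deployment that ships the library's test directory to a web root exposes it even when the application never uses it, and an allowlist like the one above only helps for scripts that must accept an action name at all; sample and test scripts should simply not be reachable over HTTP.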
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| John Lim | Adodb | 4.66 |
| Mantis | Mantis | 0.19.4 |
| Moodle | Moodle | 1.5.3 |
| Postnuke Software Foundation | Postnuke | 0.761 |
| The Cacti Group | Cacti | 0.8.6g |
References
- http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html (Exploit)
- http://retrogod.altervista.org/simplog_092_incl_xpl.html (Exploit)
- http://secunia.com/advisories/17418 (Exploit, Patch, Vendor Advisory)
- http://secunia.com/advisories/18233 (Patch, Vendor Advisory)
- http://secunia.com/advisories/18254 (Patch, Vendor Advisory)
- http://secunia.com/advisories/18260 (Patch, Vendor Advisory)
- http://secunia.com/advisories/18267 (Vendor Advisory)
- http://secunia.com/advisories/18276 (Patch, Vendor Advisory)
- http://secunia.com/advisories/19555 (Patch, Vendor Advisory)
- http://secunia.com/advisories/19590 (Patch, Vendor Advisory)
- http://secunia.com/advisories/19591 (Patch, Vendor Advisory)
- http://secunia.com/advisories/19600 (Vendor Advisory)
- http://secunia.com/advisories/19628 (Patch, Vendor Advisory)
- http://secunia.com/advisories/19691
- http://secunia.com/secunia_research/2005-64/advisory/ (Exploit, Patch, Vendor Advisory)
FAQ
What is CVE-2006-0147?
CVE-2006-0147 is a vulnerability with a CVSS score of 7.5 (HIGH). Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, ...
How severe is CVE-2006-0147?
CVE-2006-0147 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-0147?
Check the references section above for vendor advisories and patch information. Affected products (vendor / product) include: John Lim / Adodb, Mantis / Mantis, Moodle / Moodle, Postnuke Software Foundation / Postnuke, The Cacti Group / Cacti.