CVE-2006-0146: SQL Injection
First published: Mon Jan 09 2006(Updated: )
The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Postnuke Software Foundation Postnuke | =0.761 | |
| John Lim ADOdb | =4.66 | |
| The Cacti Group Cacti | =0.8.6g | |
| Mantis Mantis | =1.0.0_rc4 | |
| John Lim ADOdb | =4.68 | |
| Moodle Moodle | =1.5.3 | |
| Mantis Mantis | =0.19.4 | |
| Mediabeez Mediabeez |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/secunia_research/2005-64/advisory/
- http://www.securityfocus.com/bid/16187
- http://secunia.com/advisories/17418
- http://secunia.com/advisories/18254
- http://secunia.com/advisories/18267
- http://secunia.com/advisories/18260
- http://secunia.com/advisories/18276
- http://secunia.com/advisories/18233
- http://www.osvdb.org/22290
- http://secunia.com/advisories/18720
- http://www.xaraya.com/index.php/news/569
- http://www.debian.org/security/2006/dsa-1029
- http://www.debian.org/security/2006/dsa-1030
- http://www.debian.org/security/2006/dsa-1031
- http://secunia.com/advisories/19555
- http://secunia.com/advisories/19590
- http://secunia.com/advisories/19591
- http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html
- http://www.maxdev.com/Article550.phtml
- http://secunia.com/advisories/19563
- http://secunia.com/advisories/19600
- http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml
- http://secunia.com/advisories/19699
- http://secunia.com/advisories/19691
- http://secunia.com/advisories/24954
- http://securityreason.com/securityalert/713
- http://www.vupen.com/english/advisories/2006/1305
- http://www.vupen.com/english/advisories/2006/0447
- http://www.vupen.com/english/advisories/2006/1419
- http://www.vupen.com/english/advisories/2006/0104
- http://www.vupen.com/english/advisories/2006/0370
- http://www.vupen.com/english/advisories/2006/0102
- http://www.vupen.com/english/advisories/2006/1304
- http://www.vupen.com/english/advisories/2006/0105
- http://www.vupen.com/english/advisories/2006/0103
- http://www.vupen.com/english/advisories/2006/0101
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24051
- http://www.securityfocus.com/archive/1/466171/100/0/threaded
- http://www.securityfocus.com/archive/1/430448/100/0/threaded
- http://www.securityfocus.com/archive/1/423784/100/0/threaded
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/type
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/description
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/postnuke software foundation
- canonical/postnuke software foundation postnuke
- version/postnuke software foundation postnuke/0.761
- vendor/john lim
- canonical/john lim adodb
- version/john lim adodb/4.66
- vendor/the cacti group
- canonical/the cacti group cacti
- version/the cacti group cacti/0.8.6g
- vendor/mantis
- canonical/mantis mantis
- version/mantis mantis/1.0.0_rc4
- version/john lim adodb/4.68
- vendor/moodle
- canonical/moodle moodle
- version/moodle moodle/1.5.3
- version/mantis mantis/0.19.4
- vendor/mediabeez
- canonical/mediabeez mediabeez