CVE - CVE-2006-0147

CVE-ID
CVE-2006-0147	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20060409 PhpOpenChat 3.0.x ADODB Server.php "sql" SQL injection URL:http://www.securityfocus.com/archive/1/430448/100/0/threaded BUGTRAQ:20060412 Simplog <=0.9.2 multiple vulnerabilities URL:http://www.securityfocus.com/archive/1/430743/100/0/threaded DEBIAN:DSA-1029 URL:http://www.debian.org/security/2006/dsa-1029 DEBIAN:DSA-1030 URL:http://www.debian.org/security/2006/dsa-1030 DEBIAN:DSA-1031 URL:http://www.debian.org/security/2006/dsa-1031 EXPLOIT-DB:1663 URL:https://www.exploit-db.com/exploits/1663 GENTOO:GLSA-200604-07 URL:http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml MISC:http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html MISC:http://retrogod.altervista.org/simplog_092_incl_xpl.html MISC:http://secunia.com/secunia_research/2005-64/advisory/ OSVDB:22291 URL:~~http://www.osvdb.org/22291~~ (Obsolete source) SECUNIA:17418 URL:http://secunia.com/advisories/17418 SECUNIA:18233 URL:http://secunia.com/advisories/18233 SECUNIA:18254 URL:http://secunia.com/advisories/18254 SECUNIA:18260 URL:http://secunia.com/advisories/18260 SECUNIA:18267 URL:http://secunia.com/advisories/18267 SECUNIA:18276 URL:http://secunia.com/advisories/18276 SECUNIA:19555 URL:http://secunia.com/advisories/19555 SECUNIA:19590 URL:http://secunia.com/advisories/19590 SECUNIA:19591 URL:http://secunia.com/advisories/19591 SECUNIA:19600 URL:http://secunia.com/advisories/19600 SECUNIA:19628 URL:http://secunia.com/advisories/19628 SECUNIA:19691 URL:http://secunia.com/advisories/19691 VUPEN:ADV-2006-0101 URL:~~http://www.vupen.com/english/advisories/2006/0101~~ (Obsolete source) VUPEN:ADV-2006-0102 URL:~~http://www.vupen.com/english/advisories/2006/0102~~ (Obsolete source) VUPEN:ADV-2006-0103 URL:~~http://www.vupen.com/english/advisories/2006/0103~~ (Obsolete source) VUPEN:ADV-2006-0104 URL:~~http://www.vupen.com/english/advisories/2006/0104~~ (Obsolete source) VUPEN:ADV-2006-1305 URL:~~http://www.vupen.com/english/advisories/2006/1305~~ (Obsolete source) VUPEN:ADV-2006-1332 URL:~~http://www.vupen.com/english/advisories/2006/1332~~ (Obsolete source) XF:adodb-tmssql-command-execution(24052) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/24052
Assigning CNA
MITRE Corporation
Date Record Created
20060109	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20060109)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)