CVE-2006-0146

The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.

References
Link Resource
http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html Exploit
http://secunia.com/advisories/17418 Exploit Patch Vendor Advisory
http://secunia.com/advisories/18233 Patch Vendor Advisory
http://secunia.com/advisories/18254 Vendor Advisory
http://secunia.com/advisories/18260 Patch Vendor Advisory
http://secunia.com/advisories/18267 Vendor Advisory
http://secunia.com/advisories/18276 Patch Vendor Advisory
http://secunia.com/advisories/18720 Patch Vendor Advisory
http://secunia.com/advisories/19555 Patch Vendor Advisory
http://secunia.com/advisories/19563 Patch Vendor Advisory
http://secunia.com/advisories/19590 Patch Vendor Advisory
http://secunia.com/advisories/19591 Patch Vendor Advisory
http://secunia.com/advisories/19600 Vendor Advisory
http://secunia.com/advisories/19691 Vendor Advisory
http://secunia.com/advisories/19699 Patch Vendor Advisory
http://secunia.com/advisories/24954 Vendor Advisory
http://secunia.com/secunia_research/2005-64/advisory/ Exploit Patch Vendor Advisory
http://securityreason.com/securityalert/713
http://www.debian.org/security/2006/dsa-1029 Patch Vendor Advisory
http://www.debian.org/security/2006/dsa-1030 Patch Vendor Advisory
http://www.debian.org/security/2006/dsa-1031 Patch Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml Patch Vendor Advisory
http://www.maxdev.com/Article550.phtml URL Repurposed
http://www.osvdb.org/22290 Exploit Patch
http://www.securityfocus.com/archive/1/423784/100/0/threaded
http://www.securityfocus.com/archive/1/430448/100/0/threaded
http://www.securityfocus.com/archive/1/466171/100/0/threaded
http://www.securityfocus.com/bid/16187 Exploit Patch
http://www.vupen.com/english/advisories/2006/0101 Vendor Advisory
http://www.vupen.com/english/advisories/2006/0102
http://www.vupen.com/english/advisories/2006/0103 Vendor Advisory
http://www.vupen.com/english/advisories/2006/0104 Vendor Advisory
http://www.vupen.com/english/advisories/2006/0105 Vendor Advisory
http://www.vupen.com/english/advisories/2006/0370 Vendor Advisory
http://www.vupen.com/english/advisories/2006/0447 Vendor Advisory
http://www.vupen.com/english/advisories/2006/1304 Vendor Advisory
http://www.vupen.com/english/advisories/2006/1305 Vendor Advisory
http://www.vupen.com/english/advisories/2006/1419
http://www.xaraya.com/index.php/news/569 Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/24051
Configurations

Configuration 1

OR cpe:2.3:a:john_lim:adodb:4.66:*:*:*:*:*:*:*
cpe:2.3:a:john_lim:adodb:4.68:*:*:*:*:*:*:*
cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*
cpe:2.3:a:mantis:mantis:1.0.0_rc4:*:*:*:*:*:*:*
cpe:2.3:a:mediabeez:mediabeez:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.5.3:*:*:*:*:*:*:*
cpe:2.3:a:postnuke_software_foundation:postnuke:0.761:*:*:*:*:*:*:*
cpe:2.3:a:the_cacti_group:cacti:0.8.6g:*:*:*:*:*:*:*

History

21 Nov 2024, 00:05

Type Values Removed Values Added
References () http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html - Exploit () http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html - Exploit
References () http://secunia.com/advisories/17418 - Exploit, Patch, Vendor Advisory () http://secunia.com/advisories/17418 - Exploit, Patch, Vendor Advisory
References () http://secunia.com/advisories/18233 - Patch, Vendor Advisory () http://secunia.com/advisories/18233 - Patch, Vendor Advisory
References () http://secunia.com/advisories/18254 - Vendor Advisory () http://secunia.com/advisories/18254 - Vendor Advisory
References () http://secunia.com/advisories/18260 - Patch, Vendor Advisory () http://secunia.com/advisories/18260 - Patch, Vendor Advisory
References () http://secunia.com/advisories/18267 - Vendor Advisory () http://secunia.com/advisories/18267 - Vendor Advisory
References () http://secunia.com/advisories/18276 - Patch, Vendor Advisory () http://secunia.com/advisories/18276 - Patch, Vendor Advisory
References () http://secunia.com/advisories/18720 - Patch, Vendor Advisory () http://secunia.com/advisories/18720 - Patch, Vendor Advisory
References () http://secunia.com/advisories/19555 - Patch, Vendor Advisory () http://secunia.com/advisories/19555 - Patch, Vendor Advisory
References () http://secunia.com/advisories/19563 - Patch, Vendor Advisory () http://secunia.com/advisories/19563 - Patch, Vendor Advisory
References () http://secunia.com/advisories/19590 - Patch, Vendor Advisory () http://secunia.com/advisories/19590 - Patch, Vendor Advisory
References () http://secunia.com/advisories/19591 - Patch, Vendor Advisory () http://secunia.com/advisories/19591 - Patch, Vendor Advisory
References () http://secunia.com/advisories/19600 - Vendor Advisory () http://secunia.com/advisories/19600 - Vendor Advisory
References () http://secunia.com/advisories/19691 - Vendor Advisory () http://secunia.com/advisories/19691 - Vendor Advisory
References () http://secunia.com/advisories/19699 - Patch, Vendor Advisory () http://secunia.com/advisories/19699 - Patch, Vendor Advisory
References () http://secunia.com/advisories/24954 - Vendor Advisory () http://secunia.com/advisories/24954 - Vendor Advisory
References () http://secunia.com/secunia_research/2005-64/advisory/ - Exploit, Patch, Vendor Advisory () http://secunia.com/secunia_research/2005-64/advisory/ - Exploit, Patch, Vendor Advisory
References () http://securityreason.com/securityalert/713 - () http://securityreason.com/securityalert/713 -
References () http://www.debian.org/security/2006/dsa-1029 - Patch, Vendor Advisory () http://www.debian.org/security/2006/dsa-1029 - Patch, Vendor Advisory
References () http://www.debian.org/security/2006/dsa-1030 - Patch, Vendor Advisory () http://www.debian.org/security/2006/dsa-1030 - Patch, Vendor Advisory
References () http://www.debian.org/security/2006/dsa-1031 - Patch, Vendor Advisory () http://www.debian.org/security/2006/dsa-1031 - Patch, Vendor Advisory
References () http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml - Patch, Vendor Advisory () http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml - Patch, Vendor Advisory
References () http://www.maxdev.com/Article550.phtml - URL Repurposed () http://www.maxdev.com/Article550.phtml - URL Repurposed
References () http://www.osvdb.org/22290 - Exploit, Patch () http://www.osvdb.org/22290 - Exploit, Patch
References () http://www.securityfocus.com/archive/1/423784/100/0/threaded - () http://www.securityfocus.com/archive/1/423784/100/0/threaded -
References () http://www.securityfocus.com/archive/1/430448/100/0/threaded - () http://www.securityfocus.com/archive/1/430448/100/0/threaded -
References () http://www.securityfocus.com/archive/1/466171/100/0/threaded - () http://www.securityfocus.com/archive/1/466171/100/0/threaded -
References () http://www.securityfocus.com/bid/16187 - Exploit, Patch () http://www.securityfocus.com/bid/16187 - Exploit, Patch
References () http://www.vupen.com/english/advisories/2006/0101 - Vendor Advisory () http://www.vupen.com/english/advisories/2006/0101 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2006/0102 - () http://www.vupen.com/english/advisories/2006/0102 -
References () http://www.vupen.com/english/advisories/2006/0103 - Vendor Advisory () http://www.vupen.com/english/advisories/2006/0103 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2006/0104 - Vendor Advisory () http://www.vupen.com/english/advisories/2006/0104 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2006/0105 - Vendor Advisory () http://www.vupen.com/english/advisories/2006/0105 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2006/0370 - Vendor Advisory () http://www.vupen.com/english/advisories/2006/0370 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2006/0447 - Vendor Advisory () http://www.vupen.com/english/advisories/2006/0447 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2006/1304 - Vendor Advisory () http://www.vupen.com/english/advisories/2006/1304 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2006/1305 - Vendor Advisory () http://www.vupen.com/english/advisories/2006/1305 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2006/1419 - () http://www.vupen.com/english/advisories/2006/1419 -
References () http://www.xaraya.com/index.php/news/569 - Patch () http://www.xaraya.com/index.php/news/569 - Patch
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/24051 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/24051 -

Information

Published : 2006-01-09 23:03

Updated : 2025-04-03 01:03


NVD link : CVE-2006-0146

Mitre link : CVE-2006-0146

CVE.ORG link : CVE-2006-0146



CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')