MitreCVELIST:CVE-2006-0146CVE-2006-0146
The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.
References
retrogod.altervista.org/phpopenchat_30x_sql_xpl.html
secunia.com/advisories/17418
secunia.com/advisories/18233
secunia.com/advisories/18254
secunia.com/advisories/18260
secunia.com/advisories/18267
secunia.com/advisories/18276
secunia.com/advisories/18720
secunia.com/advisories/19555
secunia.com/advisories/19563
secunia.com/advisories/19590
secunia.com/advisories/19591
secunia.com/advisories/19600
secunia.com/advisories/19691
secunia.com/advisories/19699
secunia.com/advisories/24954
secunia.com/secunia_research/2005-64/advisory/
securityreason.com/securityalert/713
www.debian.org/security/2006/dsa-1029
www.debian.org/security/2006/dsa-1030
www.debian.org/security/2006/dsa-1031
www.gentoo.org/security/en/glsa/glsa-200604-07.xml
www.maxdev.com/Article550.phtml
www.osvdb.org/22290
www.securityfocus.com/archive/1/423784/100/0/threaded
www.securityfocus.com/archive/1/430448/100/0/threaded
www.securityfocus.com/archive/1/466171/100/0/threaded
www.securityfocus.com/bid/16187
www.vupen.com/english/advisories/2006/0101
www.vupen.com/english/advisories/2006/0102
www.vupen.com/english/advisories/2006/0103
www.vupen.com/english/advisories/2006/0104
www.vupen.com/english/advisories/2006/0105
www.vupen.com/english/advisories/2006/0370
www.vupen.com/english/advisories/2006/0447
www.vupen.com/english/advisories/2006/1304
www.vupen.com/english/advisories/2006/1305
www.vupen.com/english/advisories/2006/1419
www.xaraya.com/index.php/news/569
exchange.xforce.ibmcloud.com/vulnerabilities/24051
Related
