CVE-2006-0147

2006-01-0923:03:00

Debian Security Bug Tracker

security-tracker.debian.org

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.027 Low

EPSS

Percentile

90.5%

JSON

Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo.

OSVersionArchitecturePackageVersionFilename
Debian12allcacti< 0.8.6d-1cacti_0.8.6d-1_all.deb
Debian11allcacti< 0.8.6d-1cacti_0.8.6d-1_all.deb
Debian10allcacti< 0.8.6d-1cacti_0.8.6d-1_all.deb
Debian999allcacti< 0.8.6d-1cacti_0.8.6d-1_all.deb
Debian13allcacti< 0.8.6d-1cacti_0.8.6d-1_all.deb
Debian12alllibphp-adodb< 4.72-0.1libphp-adodb_4.72-0.1_all.deb
Debian11alllibphp-adodb< 4.72-0.1libphp-adodb_4.72-0.1_all.deb
Debian10alllibphp-adodb< 4.72-0.1libphp-adodb_4.72-0.1_all.deb
Debian999alllibphp-adodb< 4.72-0.1libphp-adodb_4.72-0.1_all.deb
Debian13alllibphp-adodb< 4.72-0.1libphp-adodb_4.72-0.1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	cacti	< 0.8.6d-1	cacti_0.8.6d-1_all.deb
Debian	11	all	cacti	< 0.8.6d-1	cacti_0.8.6d-1_all.deb
Debian	10	all	cacti	< 0.8.6d-1	cacti_0.8.6d-1_all.deb
Debian	999	all	cacti	< 0.8.6d-1	cacti_0.8.6d-1_all.deb
Debian	13	all	cacti	< 0.8.6d-1	cacti_0.8.6d-1_all.deb
Debian	12	all	libphp-adodb	< 4.72-0.1	libphp-adodb_4.72-0.1_all.deb
Debian	11	all	libphp-adodb	< 4.72-0.1	libphp-adodb_4.72-0.1_all.deb
Debian	10	all	libphp-adodb	< 4.72-0.1	libphp-adodb_4.72-0.1_all.deb
Debian	999	all	libphp-adodb	< 4.72-0.1	libphp-adodb_4.72-0.1_all.deb
Debian	13	all	libphp-adodb	< 4.72-0.1	libphp-adodb_4.72-0.1_all.deb