Lucene search

PRIOn knowledge basePRION:CVE-2006-0146

HistoryJan 09, 2006 - 11:03 p.m.

Sql injection

2006-01-0923:03:00

PRIOn knowledge base

www.prio-n.com

8.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.075 Low

EPSS

Percentile

93.9%

JSON

The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.

CPENameOperatorVersion
adodbeq4.66
adodbeq4.68
mantiseq1.0.0-rc4
mantiseq0.19.4
moodleeq1.5.3
postnukeeq0.761
cactieq0.8.6103

Name	Operator	Version
adodb	eq	4.66
adodb	eq	4.68
mantis	eq	1.0.0-rc4
mantis	eq	0.19.4
moodle	eq	1.5.3
postnuke	eq	0.761
cacti	eq	0.8.6103

References

retrogod.altervista.org/phpopenchat_30x_sql_xpl.html

secunia.com/advisories/17418

secunia.com/advisories/18233

secunia.com/advisories/18254

secunia.com/advisories/18260

secunia.com/advisories/18267

secunia.com/advisories/18276

secunia.com/advisories/18720

secunia.com/advisories/19555

secunia.com/advisories/19563

secunia.com/advisories/19590

secunia.com/advisories/19591

secunia.com/advisories/19600

secunia.com/advisories/19691

secunia.com/advisories/19699

secunia.com/advisories/24954

secunia.com/secunia_research/2005-64/advisory/

securityreason.com/securityalert/713

www.debian.org/security/2006/dsa-1029

www.debian.org/security/2006/dsa-1030

www.debian.org/security/2006/dsa-1031

www.gentoo.org/security/en/glsa/glsa-200604-07.xml

www.maxdev.com/Article550.phtml

www.osvdb.org/22290

www.securityfocus.com/archive/1/423784/100/0/threaded

www.securityfocus.com/archive/1/430448/100/0/threaded

www.securityfocus.com/archive/1/466171/100/0/threaded

www.securityfocus.com/bid/16187

www.vupen.com/english/advisories/2006/0101

www.vupen.com/english/advisories/2006/0102

www.vupen.com/english/advisories/2006/0103

www.vupen.com/english/advisories/2006/0104

www.vupen.com/english/advisories/2006/0105

www.vupen.com/english/advisories/2006/0370

www.vupen.com/english/advisories/2006/0447

www.vupen.com/english/advisories/2006/1304

www.vupen.com/english/advisories/2006/1305

www.vupen.com/english/advisories/2006/1419

www.xaraya.com/index.php/news/569

exchange.xforce.ibmcloud.com/vulnerabilities/24051

8.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.075 Low

EPSS

Percentile

93.9%

JSON

Related for PRION:CVE-2006-0146