Lucene search

PRIOn knowledge basePRION:CVE-2006-0147

HistoryJan 09, 2006 - 11:03 p.m.

Design/Logic Flaw

2006-01-0923:03:00

PRIOn knowledge base

www.prio-n.com

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.027 Low

EPSS

Percentile

90.1%

JSON

Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo.

CPENameOperatorVersion
adodbeq4.66
adodbeq4.68
mantiseq1.0.0-rc4
mantiseq0.19.4
moodleeq1.5.3
postnukeeq0.761
cactieq0.8.6103

Name	Operator	Version
adodb	eq	4.66
adodb	eq	4.68
mantis	eq	1.0.0-rc4
mantis	eq	0.19.4
moodle	eq	1.5.3
postnuke	eq	0.761
cacti	eq	0.8.6103

References

retrogod.altervista.org/phpopenchat_30x_sql_xpl.html

retrogod.altervista.org/simplog_092_incl_xpl.html

secunia.com/advisories/17418

secunia.com/advisories/18233

secunia.com/advisories/18254

secunia.com/advisories/18260

secunia.com/advisories/18267

secunia.com/advisories/18276

secunia.com/advisories/19555

secunia.com/advisories/19590

secunia.com/advisories/19591

secunia.com/advisories/19600

secunia.com/advisories/19628

secunia.com/advisories/19691

secunia.com/secunia_research/2005-64/advisory/

www.debian.org/security/2006/dsa-1029

www.debian.org/security/2006/dsa-1030

www.debian.org/security/2006/dsa-1031

www.gentoo.org/security/en/glsa/glsa-200604-07.xml

www.osvdb.org/22291

www.securityfocus.com/archive/1/430448/100/0/threaded

www.securityfocus.com/archive/1/430743/100/0/threaded

www.vupen.com/english/advisories/2006/0101

www.vupen.com/english/advisories/2006/0102

www.vupen.com/english/advisories/2006/0103

www.vupen.com/english/advisories/2006/0104

www.vupen.com/english/advisories/2006/1305

www.vupen.com/english/advisories/2006/1332

exchange.xforce.ibmcloud.com/vulnerabilities/24052

www.exploit-db.com/exploits/1663

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.027 Low

EPSS

Percentile

90.1%

JSON

Related for PRION:CVE-2006-0147