7 matches found
CVE-2006-0146
CVE-2006-0146 affects ADOdb for PHP (before 4.70) used by Moodle, Cacti, Mantis, PostNuke, Xaraya, PHPOpenChat, MAXdev MD-Pro, MediaBeez, etc. The vulnerability arises from the MySQL root password being empty, enabling remote SQL execution via the sql parameter. Connected OpenVAS advisories corro...
CVE-2006-0147
The CVE-2006-0147 issue is a dynamic code evaluation vulnerability in ADOdb for PHP (tests/tmssql.php) prior to version 4.70, permitting remote attackers to execute arbitrary PHP functions via the do parameter (demonstrated with phpinfo). It affects multiple products that vendor-integrate ADOdb, ...
CVE-2006-0806
CVE-2006-0806 corresponds to multiple cross-site scripting flaws in ADOdb 4.71 (and possibly earlier) as used by projects like phpESP. The advisories describe XSS that can be triggered through input sanitisation weaknesses, notably via the next_page parameter in adodb-pager.inc.php and other vect...
CVE-2006-0410
CVE-2006-0410 describes an SQL injection vulnerability in ADOdb prior to 4.71 when used with PostgreSQL. The root cause is insufficient input sanitisation, allowing remote attackers to craft inputs (notably involving binary strings) that lead to arbitrary SQL commands being executed. Reported imp...
CVE-2006-4618
CVE-2006-4618 : PHP remote file inclusion in the ADODB PostgreSQL integration (adodb-postgres7.inc.php) within John Lim ADOdb, potentially affected versions ≤ 4.01, used by Intechnic In-link 2.3.4. An attacker can supply a URL via the ADODB_DIR parameter to execute arbitrary PHP code on the serve...
CVE-2011-3699
The CVE-2011-3699 entry concerns John Lim’s ADOdb Library for PHP 5.11, where a direct request to a .php file can disclose the installation path via an error message. This is an information-disclosure vulnerability that does not specify exploit vectors beyond an HTTP request and relies on error o...
CVE-2004-2664
The CVE-2004-2664 entry concerns the John Lim ADOdb Library for PHP prior to 4.23. The vulnerability arises when direct requests to certain scripts cause ADODB_DIR to be undefined, leading to an error message that reveals the installation path. This is an information-disclosure flaw that can aid ...