Home > Vulnerability Database > CVE-2006-0146

Mend.io Vulnerability Database

CVE-2006-0146

Date: January 9, 2006

The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.

Severity Score

7.3

Related Resources (43)

Url: http://www.vupen.com/english/advisories/2006/0101

Url: http://www.maxdev.com/Article550.phtml

Url: http://secunia.com/advisories/17418

Url: http://www.xaraya.com/index.php/news/569

Url: https://nvd.nist.gov/vuln/detail/CVE-2006-0146

Url: http://secunia.com/advisories/19699

Url: http://secunia.com/advisories/18720

Url: http://secunia.com/advisories/18267

Url: http://secunia.com/secunia_research/2005-64/advisory/

Url: http://secunia.com/advisories/19555

Url: http://secunia.com/advisories/18254

Url: http://secunia.com/advisories/18276

Url: http://secunia.com/advisories/19563

Url: http://www.securityfocus.com/archive/1/430448/100/0/threaded

Url: http://secunia.com/advisories/18233

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/24051

Url: http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html

Url: http://www.vupen.com/english/advisories/2006/1305

Url: http://www.debian.org/security/2006/dsa-1030

Url: http://www.debian.org/security/2006/dsa-1031

Url: http://www.vupen.com/english/advisories/2006/1304

Url: http://www.osvdb.org/22290

Url: http://www.securityfocus.com/bid/16187

Url: http://www.vupen.com/english/advisories/2006/0370

Url: http://www.securityfocus.com/archive/1/423784/100/0/threaded

Url: http://www.debian.org/security/2006/dsa-1029

Url: http://secunia.com/advisories/19600

Url: http://secunia.com/advisories/24954

Url: http://www.securityfocus.com/archive/1/466171/100/0/threaded

Url: http://secunia.com/advisories/19691

Url: http://www.vupen.com/english/advisories/2006/1419

Url: http://secunia.com/advisories/19590

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2006-0146

Url: http://secunia.com/advisories/19591

Url: http://secunia.com/advisories/18260

Url: http://www.vupen.com/english/advisories/2006/0447

Url: http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml

Url: http://www.vupen.com/english/advisories/2006/0103

Url: http://www.vupen.com/english/advisories/2006/0102

Url: http://www.vupen.com/english/advisories/2006/0105

Url: http://securityreason.com/securityalert/713

Url: http://www.vupen.com/english/advisories/2006/0104

Url: https://www.mend.io/vulnerability-database/CVE-2006-0146

Severity Score

7.3

Weakness Type (CWE)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-89

CVSS v3.1

Base Score:	7.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	7.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2006-0146

Date: January 9, 2006

Severity Score

Related Resources (43)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?