Vulnerability DatabaseCVE-2006-0147
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2006-0147
January 09, 2006
Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo.
Related Resources (31)
http://secunia.com/advisories/19628
http://www.vupen.com/english/advisories/2006/0103
http://www.vupen.com/english/advisories/2006/1305
http://secunia.com/advisories/19600
http://secunia.com/advisories/19590
http://www.debian.org/security/2006/dsa-1031
http://secunia.com/advisories/17418
http://secunia.com/secunia_research/2005-64/advisory/
http://secunia.com/advisories/19691
http://secunia.com/advisories/18276
http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html
http://www.securityfocus.com/archive/1/430448/100/0/threaded
https://www.exploit-db.com/exploits/1663
http://secunia.com/advisories/18267
http://retrogod.altervista.org/simplog_092_incl_xpl.html
http://secunia.com/advisories/18254
http://www.vupen.com/english/advisories/2006/0102
http://www.vupen.com/english/advisories/2006/0101
http://www.vupen.com/english/advisories/2006/1332
http://www.osvdb.org/22291
http://secunia.com/advisories/18260
https://exchange.xforce.ibmcloud.com/vulnerabilities/24052
http://secunia.com/advisories/18233
http://www.securityfocus.com/archive/1/430743/100/0/threaded
http://www.debian.org/security/2006/dsa-1030
https://people.canonical.com/~ubuntu-security/cve/CVE-2006-0147
http://secunia.com/advisories/19555
http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml
http://secunia.com/advisories/19591
http://www.debian.org/security/2006/dsa-1029
http://www.vupen.com/english/advisories/2006/0104
Do you need more information?
Contact Us
CVSS v4
Base Score:
6.9
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
LOW
Vulnerable System Availability
LOW
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
7.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
LOW
CVSS v2
Base Score:
7.5
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
EPSS
Base Score:
21.17