The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.
References
Configurations
Configuration 1 (hide)
|
History
14 Feb 2024, 01:17
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) http://www.maxdev.com/Article550.phtml - URL Repurposed |
Information
Published : 2006-01-09 23:03
Updated : 2024-02-28 10:42
NVD link : CVE-2006-0146
Mitre link : CVE-2006-0146
CVE.ORG link : CVE-2006-0146
JSON object : View
Products Affected
john_lim
- adodb
moodle
- moodle
mantis
- mantis
postnuke_software_foundation
- postnuke
mediabeez
- mediabeez
the_cacti_group
- cacti
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')