CVE-2006-0146

ADOdb for PHP < 4.70 - Unauthenticated SQL Injection via server.php sql Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-0146.

AI-analyzed exploit summary: This exploit leverages a file inclusion vulnerability in Simplog <= 0.9.2 by injecting a remote URL via the 's' parameter, leading to remote command execution. The script sends a crafted HTTP request with the malicious payload embedded in cookies.

Description

The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.

Exploits (1)

exploitdb WORKING POC
php · webapps · php
https://www.exploit-db.com/exploits/1663

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Simplog <= 0.9.2
No auth needed
Prerequisites: allow_url_fopen enabled on the target server · remote server hosting the malicious PHP code
devstral-2 · analyzed Feb 19, 2026

References (40)

Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19590
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18267
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18254
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19555
Patch, Vendor Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2006/dsa-1029
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/430448/100/0/threaded
URL Repurposed x_refsource_confirm
http://www.maxdev.com/Article550.phtml
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0105
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19699
Patch, Vendor Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2006/dsa-1030
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1305
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24954
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18276
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/713
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1304
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19600
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/466171/100/0/threaded
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0103
Exploit, Patch, Vendor Advisory x_refsource_misc
http://secunia.com/secunia_research/2005-64/advisory/
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/16187
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18720
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1419
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19591
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0447
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/24051
Exploit, Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17418
Patch x_refsource_confirm
http://www.xaraya.com/index.php/news/569
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19691
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0102
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0101
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18233
Exploit, Patch vdb-entry x_refsource_osvdb
http://www.osvdb.org/22290
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0370
Patch, Vendor Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2006/dsa-1031
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/423784/100/0/threaded
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0104
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18260
Patch, Vendor Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19563

Scores

EPSS 0.0947
EPSS Percentile 93.0%

Details

CWE: CWE-89
Status: published
Products (8)
john_lim/adodb 4.66
john_lim/adodb 4.68
mantis/mantis 0.19.4
mantis/mantis 1.0.0_rc4
mediabeez/mediabeez
moodle/moodle 1.5.3
postnuke_software_foundation/postnuke 0.761
the_cacti_group/cacti 0.8.6g
Published Jan 09, 2006
Tracked Since Feb 18, 2026