CVE-2006-0146

John LIM Adodb - SQL Injection

Title source: rule

Description

The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.

Exploits (1)

exploitdb WORKING POC

phpwebappsphp

https://www.exploit-db.com/exploits/1663

View Code ZIP pw:eip

References (40)

[Exploit] http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html

[Exploit, Patch, Vendor Advisory] http://secunia.com/advisories/17418

[Patch, Vendor Advisory] http://secunia.com/advisories/18233

[Vendor Advisory] http://secunia.com/advisories/18254

[Patch, Vendor Advisory] http://secunia.com/advisories/18260

[Vendor Advisory] http://secunia.com/advisories/18267

[Patch, Vendor Advisory] http://secunia.com/advisories/18276

[Patch, Vendor Advisory] http://secunia.com/advisories/18720

[Patch, Vendor Advisory] http://secunia.com/advisories/19555

[Patch, Vendor Advisory] http://secunia.com/advisories/19563

[Patch, Vendor Advisory] http://secunia.com/advisories/19590

[Patch, Vendor Advisory] http://secunia.com/advisories/19591

[Vendor Advisory] http://secunia.com/advisories/19600

[Vendor Advisory] http://secunia.com/advisories/19691

[Patch, Vendor Advisory] http://secunia.com/advisories/19699

[Vendor Advisory] http://secunia.com/advisories/24954

[Exploit, Patch, Vendor Advisory] http://secunia.com/secunia_research/2005-64/advisory/

[Patch, Vendor Advisory] http://www.debian.org/security/2006/dsa-1029

[Patch, Vendor Advisory] http://www.debian.org/security/2006/dsa-1030

[Patch, Vendor Advisory] http://www.debian.org/security/2006/dsa-1031

... and 20 more

Scores

EPSS 0.0947

EPSS Percentile 92.8%

Details

CWE

CWE-89

Status published

Products (8)

john_lim/adodb 4.66

john_lim/adodb 4.68

mantis/mantis 0.19.4

mantis/mantis 1.0.0_rc4

mediabeez/mediabeez

moodle/moodle 1.5.3

postnuke_software_foundation/postnuke 0.761

the_cacti_group/cacti 0.8.6g

Published Jan 09, 2006

Tracked Since Feb 18, 2026