CVE-2006-0147

ADOdb for PHP <4.70 - RCE

Description

Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo.

Exploits (1)

exploitdb WORKING POC VERIFIED
by rgod · phpwebappsphp
https://www.exploit-db.com/exploits/1663

Scores

EPSS 0.2966
EPSS Percentile 96.6%

Details

Status published
Products (7)
john_lim/adodb 4.66
john_lim/adodb 4.68
mantis/mantis 0.19.4
mantis/mantis 1.0.0_rc4
moodle/moodle 1.5.3
postnuke_software_foundation/postnuke 0.761
the_cacti_group/cacti 0.8.6g
Published Jan 09, 2006
Tracked Since Feb 18, 2026