Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2006-0146

Опубликовано: 09 янв. 2006
Источник: nvd
CVSS2: 7.5
EPSS Низкий

Описание

The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:john_lim:adodb:4.66:*:*:*:*:*:*:*
cpe:2.3:a:john_lim:adodb:4.68:*:*:*:*:*:*:*
cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*
cpe:2.3:a:mantis:mantis:1.0.0_rc4:*:*:*:*:*:*:*
cpe:2.3:a:mediabeez:mediabeez:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.5.3:*:*:*:*:*:*:*
cpe:2.3:a:postnuke_software_foundation:postnuke:0.761:*:*:*:*:*:*:*
cpe:2.3:a:the_cacti_group:cacti:0.8.6g:*:*:*:*:*:*:*

EPSS

Процентиль: 92%
0.08392
Низкий

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

ubuntu логотип

CVE-2006-0146

ubuntu
больше 19 лет назад

The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.

debian логотип

CVE-2006-0146

debian
больше 19 лет назад

The server.php test script in ADOdb for PHP before 4.70, as used in mu ...

github логотип

GHSA-q9q3-j7rw-3j95

github
около 3 лет назад

The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.

EPSS

Процентиль: 92%
0.08392
Низкий

7.5 High

CVSS2

Дефекты

CWE-89