CVE-2006-0147

Published: Jan 9, 2006Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo.

Affected (7)

Products: John Lim: Adodb · Mantis: Mantis · Moodle: Moodle · +2 more

Show all products

John Lim: Adodb · Mantis: Mantis · Moodle: Moodle · Postnuke Software Foundation: Postnuke · The Cacti Group: Cacti

1 product

1 product

1 product

Postnuke Software Foundation

1 product

Postnuke

The Cacti Group

1 product

Cacti

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
John Lim Adodb	Version 4.66
John Lim Adodb	Version 4.68
Mantis Mantis	Version 0.19.4
Mantis Mantis	Version 1.0.0_rc4
Moodle Moodle	Version 1.5.3
Postnuke Software Foundation Postnuke	Version 0.761
The Cacti Group Cacti	Version 0.8.6g

References (60)

http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html

Source: cve@mitre.org

Exploit

http://retrogod.altervista.org/simplog_092_incl_xpl.html

Source: cve@mitre.org

Exploit

http://secunia.com/advisories/17418

Source: cve@mitre.org

ExploitPatchVendor Advisory

http://secunia.com/advisories/18233

Source: cve@mitre.org

PatchVendor Advisory

http://secunia.com/advisories/18254

Source: cve@mitre.org

PatchVendor Advisory

http://secunia.com/advisories/18260

Source: cve@mitre.org

PatchVendor Advisory

http://secunia.com/advisories/18267

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/18276

Source: cve@mitre.org

PatchVendor Advisory

http://secunia.com/advisories/19555

Source: cve@mitre.org

PatchVendor Advisory

http://secunia.com/advisories/19590

Source: cve@mitre.org

PatchVendor Advisory

http://secunia.com/advisories/19591

Source: cve@mitre.org

PatchVendor Advisory

http://secunia.com/advisories/19600

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/19628

Source: cve@mitre.org

PatchVendor Advisory

http://secunia.com/advisories/19691

Source: cve@mitre.org

http://secunia.com/secunia_research/2005-64/advisory/

Source: cve@mitre.org

ExploitPatchVendor Advisory

http://www.debian.org/security/2006/dsa-1029

Source: cve@mitre.org

PatchVendor Advisory

http://www.debian.org/security/2006/dsa-1030

Source: cve@mitre.org

PatchVendor Advisory

http://www.debian.org/security/2006/dsa-1031

Source: cve@mitre.org

http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml

Source: cve@mitre.org

PatchVendor Advisory

http://www.osvdb.org/22291

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/430448/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/430743/100/0/threaded

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/0101

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/0102

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/0103

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/0104

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/1305

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/1332

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/24052

Source: cve@mitre.org

https://www.exploit-db.com/exploits/1663

Source: cve@mitre.org

http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html