Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2006-0147 | First vendor Publication | 2006-01-09 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0147 |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 2 | |
| Application | 2 | |
| Application | 1 | |
| Application | 1 | |
| Application | 1 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200604-07 (Cacti) File : nvt/glsa_200604_07.nasl |
| 2008-09-04 | Name : FreeBSD Ports: cacti File : nvt/freebsd_cacti2.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1029-1 (libphp-adodb) File : nvt/deb_1029_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1030-1 (moodle) File : nvt/deb_1030_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1031-1 (cacti) File : nvt/deb_1031_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 22291 | ADOdb tmssql.php do Variable Arbitrary PHP Function Execution ADOdb contains a flaw that may allow a malicious user to execute arbitrary PHP functions via the 'do' parameter. The issue is triggered due to the insecure tests/tmssql.php test script. It is possible that the flaw may result in a loss of integrity. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1029.nasl - Type : ACT_GATHER_INFO |
| 2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1030.nasl - Type : ACT_GATHER_INFO |
| 2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1031.nasl - Type : ACT_GATHER_INFO |
| 2006-04-17 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200604-07.nasl - Type : ACT_GATHER_INFO |
| 2006-01-10 | Name : The remote web server has a PHP script that allows execution of arbitrary code. File : adodb_do_cmd_execution.nasl - Type : ACT_ATTACK |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:21:09 |
|
| 2024-11-28 12:08:11 |
|
| 2021-05-04 12:03:37 |
|
| 2021-04-22 01:04:06 |
|
| 2020-05-23 00:17:18 |
|
| 2018-10-19 21:19:44 |
|
| 2017-10-19 09:23:47 |
|
| 2017-07-20 09:23:17 |
|
| 2016-06-28 15:34:02 |
|
| 2016-04-26 14:12:13 |
|
| 2014-02-17 10:34:18 |
|
| 2013-08-30 13:19:31 |
|
| 2013-05-11 10:46:40 |
|
