CVE-2006-0147

Severity

75%

Complexity

99%

Confidentiality

106%

Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo.

Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

First reported 19 years ago

2006-01-09 23:03:00

Last updated 6 years ago

2018-10-19 15:42:00

Affected Software

Moodle 1.5.3

1.5.3

References

http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html

Exploit

http://retrogod.altervista.org/simplog_092_incl_xpl.html

Exploit

17418

Exploit, Patch, Vendor Advisory

18233

Patch, Vendor Advisory

18254

Patch, Vendor Advisory

18260

Patch, Vendor Advisory

18267

Vendor Advisory

18276

Patch, Vendor Advisory

19555

Patch, Vendor Advisory

19590

Patch, Vendor Advisory

19591

Patch, Vendor Advisory

19600

Vendor Advisory

19628

Patch, Vendor Advisory

19691

http://secunia.com/secunia_research/2005-64/advisory/

Exploit, Patch, Vendor Advisory

DSA-1029

Patch, Vendor Advisory

DSA-1030

Patch, Vendor Advisory

DSA-1031

GLSA-200604-07

Patch, Vendor Advisory

22291

20060409 PhpOpenChat 3.0.x ADODB Server.php "sql" SQL injection

20060412 Simplog <=0.9.2 multiple vulnerabilities

ADV-2006-0101

ADV-2006-0102

ADV-2006-0103

ADV-2006-0104

ADV-2006-1305

ADV-2006-1332

adodb-tmssql-command-execution(24052)

1663

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.