CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-0147

Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.212

EPSS Ranking 95.3%

CVSS Severity

CVSS v2 Score 7.5

References

Products affected by CVE-2006-0147

John Lim » Adodb » Version: 4.66

cpe:2.3:a:john_lim:adodb:4.66
John Lim » Adodb » Version: 4.68

cpe:2.3:a:john_lim:adodb:4.68
Mantis » Mantis » Version: 0.19.4

cpe:2.3:a:mantis:mantis:0.19.4
Mantis » Mantis » Version: 1.0.0_rc4

cpe:2.3:a:mantis:mantis:1.0.0_rc4
Moodle » Moodle » Version: 1.5.3

cpe:2.3:a:moodle:moodle:1.5.3
Postnuke Software Foundation » Postnuke » Version: 0.761

cpe:2.3:a:postnuke_software_foundation:postnuke:0.761
The Cacti Group » Cacti » Version: 0.8.6g

cpe:2.3:a:the_cacti_group:cacti:0.8.6g

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-0147

Products

Pricing

Contact Us