CVE-2006-0147

NameCVE-2006-0147
DescriptionDynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1029-1, DSA-1030-1, DSA-1031-1
NVD severityhigh
Debian Bugs349985

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
cacti (PTS)stretch (security), stretch0.8.8h+ds1-10+deb9u1fixed
buster1.2.2+ds1-2+deb10u3fixed
buster (security)1.2.2+ds1-2+deb10u2fixed
bullseye, sid1.2.14+ds1-1fixed
libphp-adodb (PTS)stretch5.20.9-1fixed
buster5.20.14-1fixed
bullseye, sid5.20.18-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
cactisourcesarge0.8.6c-7sarge3DSA-1031-1
cactisource(unstable)0.8.6d-1medium
libphp-adodbsourcewoody1.51-1.2DSA-1029-1
libphp-adodbsourcesarge4.52-1sarge1DSA-1029-1
libphp-adodbsource(unstable)4.72-0.1medium349985
moodlesourcesarge1.4.4.dfsg.1-3sarge1DSA-1030-1
moodlesource(unstable)1.6.3-2medium

Notes

exact moodle fixed version not known, but at least <= 1.6.3-2

Search for package or bug name: Reporting problems