CVE-2006-0147

NameCVE-2006-0147
DescriptionDynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-1029-1, DSA-1030-1, DSA-1031-1
NVD severityhigh (attack range: remote)
Debian Bugs349985
Debian/oldoldstablenot vulnerable.
Debian/oldstablenot vulnerable.
Debian/stablenot vulnerable.
Debian/testingnot vulnerable.
Debian/unstablenot vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
cacti (PTS)squeeze, squeeze (security)0.8.7g-1+squeeze3fixed
squeeze (lts)0.8.7g-1+squeeze8fixed
wheezy0.8.8a+dfsg-5+deb7u4fixed
wheezy (security)0.8.8a+dfsg-5+deb7u6fixed
jessie0.8.8b+dfsg-8fixed
jessie (security)0.8.8b+dfsg-8+deb8u2fixed
stretch, sid0.8.8f+ds1-2fixed
libphp-adodb (PTS)squeeze5.10-1fixed
jessie, wheezy5.15-1fixed
stretch, sid5.18a-1fixed
moodle (PTS)squeeze1.9.9.dfsg2-2.1+squeeze4fixed
squeeze (security)1.9.9.dfsg2-2.1+squeeze3fixed
sid2.7.9+dfsg-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
cactisource(unstable)0.8.6d-1medium
cactisourcesarge0.8.6c-7sarge3highDSA-1031-1
libphp-adodbsource(unstable)4.72-0.1medium349985
libphp-adodbsourcesarge4.52-1sarge1highDSA-1029-1
libphp-adodbsourcewoody1.51-1.2highDSA-1029-1
moodlesource(unstable)1.6.3-2medium
moodlesourcesarge1.4.4.dfsg.1-3sarge1highDSA-1030-1

Notes

exact moodle fixed version not known, but at least <= 1.6.3-2

Search for package or bug name: Reporting problems