CVE-2006-0410

NameCVE-2006-0410
DescriptionSQL injection vulnerability in ADOdb before 4.71, when using PostgreSQL, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors involving binary strings.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-1029-1, DSA-1030-1, DSA-1031-1
NVD severitymedium (attack range: remote)
Debian Bugs349985, 360395
Debian/oldstablenot vulnerable.
Debian/stablenot vulnerable.
Debian/testingnot vulnerable.
Debian/unstablenot vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
cacti (PTS)squeeze (security), squeeze0.8.7g-1+squeeze3fixed
squeeze (lts)0.8.7g-1+squeeze5fixed
wheezy, wheezy (security)0.8.8a+dfsg-5+deb7u4fixed
jessie, sid0.8.8b+dfsg-8fixed
libphp-adodb (PTS)squeeze5.10-1fixed
jessie, sid, wheezy5.15-1fixed
moodle (PTS)squeeze1.9.9.dfsg2-2.1+squeeze4fixed
squeeze (security)1.9.9.dfsg2-2.1+squeeze3fixed
sid2.7.7+dfsg-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
cactisource(unstable)0.8.6d-1medium
cactisourcesarge0.8.6c-7sarge3mediumDSA-1031-1
libphp-adodbsource(unstable)4.72-0.1medium349985
libphp-adodbsourcesarge4.52-1sarge1mediumDSA-1029-1
libphp-adodbsourcewoody1.51-1.2mediumDSA-1029-1
moodlesource(unstable)1.6-1medium360395
moodlesourcesarge1.4.4.dfsg.1-3sarge1mediumDSA-1030-1

Search for package or bug name: Reporting problems