Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-0147

6 documents, 6 sources
Severity: 7.5 HIGH
EPSS: 29.7% (top 3.38%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline
Published: Jan 9
Latest update: May 1

Description

Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (7 packages)

Debian: cacti < 0.8.6d-1 (+3)
Debian: libphp-adodb < 4.72-0.1 (+3)
NVD: mantis/mantis 0.19.4, 1.0.0_rc4 (+1)
NVD: moodle/moodle 1.5.3
NVD: john_lim/adodb 4.66, 4.68 (+1)

Patches

🔴 Vulnerability Details (3)

GHSA: GHSA-8348-4394-v2hm: Dynamic code evaluation vulnerability in tests/tmssql (2022-05-01)
CVEList: CVE-2006-0147: Dynamic code evaluation vulnerability in tests/tmssql (2006-01-09)
OSV: CVE-2006-0147: Dynamic code evaluation vulnerability in tests/tmssql (2006-01-09)

💥 Exploits & PoCs (1)

Exploit-DB: Simplog 0.9.2 - 's' Remote Command Execution (2006-04-11)

📋 Vendor Advisories (1)

Debian: CVE-2006-0147: cacti - Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb f... (2006)