Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-0806

CWE-79Cross-site Scripting (XSS)6 documents6 sources
Severity
4.3MEDIUM
EPSS
12.6%
top 6.03%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
John LIM Adodb
Timeline
PublishedFeb 21
Latest updateMay 1

Description

Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via (1) the next_page parameter in adodb-pager.inc.php and (2) other unspecified vectors related to PHP_SELF.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

Debianlibphp-adodb< 4.72-0.1+3
NVDjohn_lim/adodb4 versions+3
Debiancacti< 0.8.6d-1+3

🔴Vulnerability Details

3
GHSA
GHSA-44cj-54hp-jr6f: Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 42022-05-01
OSV
CVE-2006-0806: Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 42006-02-21
CVEList
CVE-2006-0806: Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 42006-02-21

💥Exploits & PoCs

1
Exploit-DB
ADOdb < 4.71 - Cross Site Scripting2016-02-18

📋Vendor Advisories

1
Debian
CVE-2006-0806: cacti - Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as used in mu...2006
CVE-2006-0806 (MEDIUM CVSS 4.3) | Multiple cross-site scripting (XSS) | cvebase.io