Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2006-01-09T23:00:00
Updated: 2024-08-07T16:25:33.633Z
Reserved: 2006-01-09T00:00:00
Link: CVE-2006-0147
Vulnrichment
No data.
NVD
Status : Modified
Published: 2006-01-09T23:03:00.000
Modified: 2024-11-21T00:05:45.497
Link: CVE-2006-0147
Redhat
No data.