PRIOn knowledge basePRION:CVE-2006-0147Design/Logic Flaw
Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo.
References
retrogod.altervista.org/phpopenchat_30x_sql_xpl.html
retrogod.altervista.org/simplog_092_incl_xpl.html
secunia.com/advisories/17418
secunia.com/advisories/18233
secunia.com/advisories/18254
secunia.com/advisories/18260
secunia.com/advisories/18267
secunia.com/advisories/18276
secunia.com/advisories/19555
secunia.com/advisories/19590
secunia.com/advisories/19591
secunia.com/advisories/19600
secunia.com/advisories/19628
secunia.com/advisories/19691
secunia.com/secunia_research/2005-64/advisory/
www.debian.org/security/2006/dsa-1029
www.debian.org/security/2006/dsa-1030
www.debian.org/security/2006/dsa-1031
www.gentoo.org/security/en/glsa/glsa-200604-07.xml
www.osvdb.org/22291
www.securityfocus.com/archive/1/430448/100/0/threaded
www.securityfocus.com/archive/1/430743/100/0/threaded
www.vupen.com/english/advisories/2006/0101
www.vupen.com/english/advisories/2006/0102
www.vupen.com/english/advisories/2006/0103
www.vupen.com/english/advisories/2006/0104
www.vupen.com/english/advisories/2006/1305
www.vupen.com/english/advisories/2006/1332
exchange.xforce.ibmcloud.com/vulnerabilities/24052
www.exploit-db.com/exploits/1663
Related
