CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-0146

The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.084

EPSS Ranking 91.8%

CVSS Severity

CVSS v2 Score 7.5

References

Products affected by CVE-2006-0146

John Lim » Adodb » Version: 4.66

cpe:2.3:a:john_lim:adodb:4.66
John Lim » Adodb » Version: 4.68

cpe:2.3:a:john_lim:adodb:4.68
Mantis » Mantis » Version: 0.19.4

cpe:2.3:a:mantis:mantis:0.19.4
Mantis » Mantis » Version: 1.0.0_rc4

cpe:2.3:a:mantis:mantis:1.0.0_rc4
Mediabeez » Mediabeez » Version: Any

cpe:2.3:a:mediabeez:mediabeez:*
Moodle » Moodle » Version: 1.5.3

cpe:2.3:a:moodle:moodle:1.5.3
Postnuke Software Foundation » Postnuke » Version: 0.761

cpe:2.3:a:postnuke_software_foundation:postnuke:0.761
The Cacti Group » Cacti » Version: 0.8.6g

cpe:2.3:a:the_cacti_group:cacti:0.8.6g

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-0146

Products

Pricing

Contact Us