CVE-2006-0147 - Remote Security vulnerability in Moodle

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Tags: network, low complexity, john-lim, mantis, moodle, postnuke-software-foundation, the-cacti-group, nessus, exploit available

Summary

Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo.

Exploit-Db

description: Simplog <= 0.9.2 (s) Remote Commands Execution Exploit. CVE-2006-0146,CVE-2006-0147,CVE-2006-1776,CVE-2006-1777,CVE-2006-1778,CVE-2006-1779,CVE-2006-2029....
file: exploits/php/webapps/1663.php
id: EDB-ID:1663
last seen: 2016-01-31
modified: 2006-04-11
platform: php
port:
published: 2006-04-11
reporter: rgod
source: https://www.exploit-db.com/download/1663/
title: Simplog <= 0.9.2 s Remote Commands Execution Exploit
type: webapps

Nessus

  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-1031.NASL
    description: Several vulnerabilities have been discovered in libphp-adodb, the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 22573
    published: 2006-10-14
    reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/22573
    title: Debian DSA-1031-1 : cacti - several vulnerabilities
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-1030.NASL
    description: Several vulnerabilities have been discovered in libphp-adodb, the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 22572
    published: 2006-10-14
    reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/22572
    title: Debian DSA-1030-1 : moodle - several vulnerabilities
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200604-07.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200604-07 (Cacti: Multiple vulnerabilities in included ADOdb). Several vulnerabilities have been identified in the copy of ADOdb included in Cacti. Andreas Sandblad discovered a dynamic code evaluation vulnerability (CVE-2006-0147) and a potential SQL injection vulnerability (CVE-2006-0146). Andy Staudacher reported another SQL injection vulnerability (CVE-2006-0410), and Gulftech Security discovered multiple cross-site-scripting issues (CVE-2006-0806). Impact: Remote attackers could trigger these vulnerabilities by sending malicious queries to the Cacti web application, resulting in arbitrary code execution, database compromise through arbitrary SQL execution, and malicious HTML or JavaScript code injection. Workaround: There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 21231
    published: 2006-04-17
    reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/21231
    title: GLSA-200604-07 : Cacti: Multiple vulnerabilities in included ADOdb
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-1029.NASL
    description: Several vulnerabilities have been discovered in libphp-adodb, the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 22571
    published: 2006-10-14
    reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/22571
    title: Debian DSA-1029-1 : libphp-adodb - several vulnerabilities
  • NASL family: CGI abuses
    NASL id: ADODB_DO_CMD_EXECUTION.NASL
    description: The remote host is running ADOdb, a database abstraction library for PHP. The installed version of ADOdb includes a test script named
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 20384
    published: 2006-01-10
    reporter: This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/20384
    title: ADOdb tmssql.php do Parameter Arbitrary PHP Function Execution