CVE-2006-0410 - SQL Injection vulnerability in John LIM Adodb 4.66/4.68/4.70
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: NONE
- Integrity impact: PARTIAL
- Availability impact: NONE

Summary
SQL injection vulnerability in ADOdb before 4.71, when using PostgreSQL, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors involving binary strings.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 3 |
Nessus
- NASL family: Debian Local Security Checks
  - NASL id: DEBIAN_DSA-1031.NASL
  - description: Several vulnerabilities have been discovered in libphp-adodb, the
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 22573
  - published: 2006-10-14
  - reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
  - source: https://www.tenable.com/plugins/nessus/22573
  - title: Debian DSA-1031-1 : cacti - several vulnerabilities
- NASL family: Gentoo Local Security Checks
  - NASL id: GENTOO_GLSA-200602-02.NASL
  - description: The remote host is affected by the vulnerability described in GLSA-200602-02 (ADOdb: PostgreSQL command injection) Andy Staudacher discovered that ADOdb does not properly sanitize all parameters. Impact : By sending specifically crafted requests to an application that uses ADOdb and a PostgreSQL backend, an attacker might exploit the flaw to execute arbitrary SQL queries on the host. Workaround : There is no known workaround at this time.
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 20873
  - published: 2006-02-10
  - reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
  - source: https://www.tenable.com/plugins/nessus/20873
  - title: GLSA-200602-02 : ADOdb: PostgreSQL command injection
- NASL family: Debian Local Security Checks
  - NASL id: DEBIAN_DSA-1030.NASL
  - description: Several vulnerabilities have been discovered in libphp-adodb, the
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 22572
  - published: 2006-10-14
  - reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
  - source: https://www.tenable.com/plugins/nessus/22572
  - title: Debian DSA-1030-1 : moodle - several vulnerabilities
- NASL family: Gentoo Local Security Checks
  - NASL id: GENTOO_GLSA-200604-07.NASL
  - description: The remote host is affected by the vulnerability described in GLSA-200604-07 (Cacti: Multiple vulnerabilities in included ADOdb) Several vulnerabilities have been identified in the copy of ADOdb included in Cacti. Andreas Sandblad discovered a dynamic code evaluation vulnerability (CVE-2006-0147) and a potential SQL injection vulnerability (CVE-2006-0146). Andy Staudacher reported another SQL injection vulnerability (CVE-2006-0410), and Gulftech Security discovered multiple cross-site-scripting issues (CVE-2006-0806). Impact : Remote attackers could trigger these vulnerabilities by sending malicious queries to the Cacti web application, resulting in arbitrary code execution, database compromise through arbitrary SQL execution, and malicious HTML or JavaScript code injection. Workaround : There is no known workaround at this time.
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 21231
  - published: 2006-04-17
  - reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
  - source: https://www.tenable.com/plugins/nessus/21231
  - title: GLSA-200604-07 : Cacti: Multiple vulnerabilities in included ADOdb
- NASL family: Debian Local Security Checks
  - NASL id: DEBIAN_DSA-1029.NASL
  - description: Several vulnerabilities have been discovered in libphp-adodb, the
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 22571
  - published: 2006-10-14
  - reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
  - source: https://www.tenable.com/plugins/nessus/22571
  - title: Debian DSA-1029-1 : libphp-adodb - several vulnerabilities
References
- http://secunia.com/advisories/18575
- http://secunia.com/advisories/18732
- http://secunia.com/advisories/18745
- http://secunia.com/advisories/19555
- http://secunia.com/advisories/19590
- http://secunia.com/advisories/19591
- http://secunia.com/advisories/19691
- http://sourceforge.net/project/shownotes.php?release_id=387862&group_id=42718
- http://www.debian.org/security/2006/dsa-1029
- http://www.debian.org/security/2006/dsa-1030
- http://www.debian.org/security/2006/dsa-1031
- http://www.gentoo.org/security/en/glsa/glsa-200602-02.xml
- http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml
- http://www.osvdb.org/22705
- http://www.securityfocus.com/bid/16364
- http://www.vupen.com/english/advisories/2006/0315
- http://www.vupen.com/english/advisories/2006/0448
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24314