CVE-2006-0410 - SQL Injection vulnerability in John LIM Adodb 4.66/4.68/4.70

047910
CVSS 5.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE
network
low complexity
john-lim
nessus

Summary

SQL injection vulnerability in ADOdb before 4.71, when using PostgreSQL, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors involving binary strings.

Vulnerable Configurations

Part         Description  Count
Application  John_Lim     3

Nessus

  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-1031.NASL
    description: Several vulnerabilities have been discovered in libphp-adodb, the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 22573
    published: 2006-10-14
    reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/22573
    title: Debian DSA-1031-1 : cacti - several vulnerabilities
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200602-02.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200602-02 (ADOdb: PostgreSQL command injection) Andy Staudacher discovered that ADOdb does not properly sanitize all parameters. Impact: By sending specifically crafted requests to an application that uses ADOdb and a PostgreSQL backend, an attacker might exploit the flaw to execute arbitrary SQL queries on the host. Workaround: There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 20873
    published: 2006-02-10
    reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/20873
    title: GLSA-200602-02 : ADOdb: PostgreSQL command injection
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-1030.NASL
    description: Several vulnerabilities have been discovered in libphp-adodb, the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 22572
    published: 2006-10-14
    reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/22572
    title: Debian DSA-1030-1 : moodle - several vulnerabilities
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200604-07.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200604-07 (Cacti: Multiple vulnerabilities in included ADOdb) Several vulnerabilities have been identified in the copy of ADOdb included in Cacti. Andreas Sandblad discovered a dynamic code evaluation vulnerability (CVE-2006-0147) and a potential SQL injection vulnerability (CVE-2006-0146). Andy Staudacher reported another SQL injection vulnerability (CVE-2006-0410), and Gulftech Security discovered multiple cross-site-scripting issues (CVE-2006-0806). Impact: Remote attackers could trigger these vulnerabilities by sending malicious queries to the Cacti web application, resulting in arbitrary code execution, database compromise through arbitrary SQL execution, and malicious HTML or JavaScript code injection. Workaround: There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 21231
    published: 2006-04-17
    reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/21231
    title: GLSA-200604-07 : Cacti: Multiple vulnerabilities in included ADOdb
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-1029.NASL
    description: Several vulnerabilities have been discovered in libphp-adodb, the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 22571
    published: 2006-10-14
    reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/22571
    title: Debian DSA-1029-1 : libphp-adodb - several vulnerabilities