Vulnerabilities > John LIM > Adodb > 4.66
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-02-21 | CVE-2006-0806 | Cross-Site Scripting vulnerability in John LIM Adodb Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via (1) the next_page parameter in adodb-pager.inc.php and (2) other unspecified vectors related to PHP_SELF. | 4.3 |
2006-01-25 | CVE-2006-0410 | SQL Injection vulnerability in John LIM Adodb 4.66/4.68/4.70 SQL injection vulnerability in ADOdb before 4.71, when using PostgreSQL, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors involving binary strings. | 5.0 |
2006-01-09 | CVE-2006-0147 | Remote Security vulnerability in Moodle Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo. | 7.5 |