CVE-2006-0147

N/A Unknown

Published: January 09, 2006 Modified: April 16, 2026

Description

Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html

Source: cve@mitre.org

Exploit

http://retrogod.altervista.org/simplog_092_incl_xpl.html

Source: cve@mitre.org

Exploit

http://secunia.com/advisories/17418

Source: cve@mitre.org

Exploit Patch Vendor Advisory

http://secunia.com/advisories/18233

Source: cve@mitre.org

Patch Vendor Advisory

http://secunia.com/advisories/18254

Source: cve@mitre.org

Patch Vendor Advisory

http://secunia.com/advisories/18260

Source: cve@mitre.org

Patch Vendor Advisory

http://secunia.com/advisories/18267

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/18276

Source: cve@mitre.org

Patch Vendor Advisory

http://secunia.com/advisories/19555

Source: cve@mitre.org

Patch Vendor Advisory

http://secunia.com/advisories/19590

Source: cve@mitre.org

Patch Vendor Advisory

http://secunia.com/advisories/19591

Source: cve@mitre.org

Patch Vendor Advisory

http://secunia.com/advisories/19600

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/19628

Source: cve@mitre.org

Patch Vendor Advisory

http://secunia.com/advisories/19691

Source: cve@mitre.org

http://secunia.com/secunia_research/2005-64/advisory/

Source: cve@mitre.org

Exploit Patch Vendor Advisory

http://www.debian.org/security/2006/dsa-1029

Source: cve@mitre.org

Patch Vendor Advisory

http://www.debian.org/security/2006/dsa-1030

Source: cve@mitre.org

Patch Vendor Advisory

http://www.debian.org/security/2006/dsa-1031

Source: cve@mitre.org

http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml

Source: cve@mitre.org

Patch Vendor Advisory

http://www.osvdb.org/22291

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/430448/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/430743/100/0/threaded

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/0101

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/0102

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/0103

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/0104

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/1305

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/1332

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/24052

Source: cve@mitre.org

https://www.exploit-db.com/exploits/1663

Source: cve@mitre.org

http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html