CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2011-3699
https://notcve.org/view.php?id=CVE-2011-3699
23 Sep 2011 — John Lim ADOdb Library for PHP 5.11 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tests/test-active-record.php and certain other files. John Lim ADOdb Library para PHP v5.11 permite a atacantes remotos obtener información sensible a través de una petición directa a un archivo .php, lo que revela la ruta de instalación en un mensaje de error, como se demostró con tests/test-active-record... • http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2006-4976
https://notcve.org/view.php?id=CVE-2006-4976
25 Sep 2006 — The Date Library in John Lim ADOdb Library for PHP allows remote attackers to obtain sensitive information via a direct request for (1) server.php, (2) adodb-errorpear.inc.php, (3) adodb-iterator.inc.php, (4) adodb-pear.inc.php, (5) adodb-perf.inc.php, (6) adodb-xmlschema.inc.php, and (7) adodb.inc.php; files in datadict including (8) datadict-access.inc.php, (9) datadict-db2.inc.php, (10) datadict-generic.inc.php, (11) datadict-ibase.inc.php, (12) datadict-informix.inc.php, (13) datadict-mssql.inc.php, (14... • http://securityreason.com/securityalert/1629 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2006-4618
https://notcve.org/view.php?id=CVE-2006-4618
07 Sep 2006 — PHP remote file inclusion vulnerability in adodb-postgres7.inc.php in John Lim ADOdb, possibly 4.01 and earlier, as used in Intechnic In-link 2.3.4, allows remote attackers to execute arbitrary PHP code via a URL in the ADODB_DIR parameter. Vulnerabilidad PHP de inclusión remota de archivo en adodb-postgres7.inc.php en John Lim ADOdb, posiblemente 4.01 y anteriores, según lo usado en Intechnic In-link 2.3.4, permite a un atacante remoto ejecutar código PHP de su elección a través de una URL en el parámetro ... • http://adodb.cvs.sourceforge.net/adodb/adodb_official/adodb-postgres7.inc.php?revision=1.1&view=markup •
CVSS: 6.1EPSS: 14%CPEs: 4EXPL: 1CVE-2006-0806 – ADOdb < 4.71 - Cross Site Scripting
https://notcve.org/view.php?id=CVE-2006-0806
21 Feb 2006 — Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via (1) the next_page parameter in adodb-pager.inc.php and (2) other unspecified vectors related to PHP_SELF. • https://www.exploit-db.com/exploits/43832 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 0CVE-2006-0410
https://notcve.org/view.php?id=CVE-2006-0410
25 Jan 2006 — SQL injection vulnerability in ADOdb before 4.71, when using PostgreSQL, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors involving binary strings. Vulnerabilidad de inyección de SQL en ADOdb anteriores a 4.71, cuando se usa PostgreSQL, permite a atacantes ejecutar órdenes SQL de su elección mediante vectores de ataque no especificados implicando cadenas binarias. • http://secunia.com/advisories/18575 •
CVSS: 9.8EPSS: 8%CPEs: 8EXPL: 6CVE-2006-0146 – Simplog 0.9.2 - 's' Remote Command Execution
https://notcve.org/view.php?id=CVE-2006-0146
09 Jan 2006 — The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter. • https://www.exploit-db.com/exploits/1663 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 21%CPEs: 7EXPL: 5CVE-2006-0147 – Simplog 0.9.2 - 's' Remote Command Execution
https://notcve.org/view.php?id=CVE-2006-0147
09 Jan 2006 — Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo. • https://www.exploit-db.com/exploits/1663 •
CVSS: 5.3EPSS: 0%CPEs: 12EXPL: 0CVE-2004-2664
https://notcve.org/view.php?id=CVE-2004-2664
31 Dec 2004 — John Lim ADOdb Library for PHP before 4.23 allows remote attackers to obtain sensitive information via direct requests to certain scripts that result in an undefined value of ADODB_DIR, which reveals the installation path in an error message. • http://phplens.com/lens/adodb/docs-adodb.htm#changes •