CVE-2006-0146

Simplog 0.9.2 - 's' Remote Command Execution

Severity Score

7.5

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.

*Credits: N/A

CVSS Scores

NISTv2 7.5

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2006-01-09 CVE Reserved
2006-01-09 CVE Published
2006-04-11 First Exploit
2024-02-15 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CAPEC

References (41)

URL	Tag	Source
http://securityreason.com/securityalert/713	Third Party Advisory
http://www.maxdev.com/Article550.phtml	Url Repurposed
http://www.securityfocus.com/archive/1/423784/100/0/threaded	Mailing List
http://www.securityfocus.com/archive/1/430448/100/0/threaded	Mailing List
http://www.securityfocus.com/archive/1/466171/100/0/threaded	Mailing List
http://www.vupen.com/english/advisories/2006/0102	Vdb Entry
http://www.vupen.com/english/advisories/2006/1419	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/24051	Vdb Entry

URL	Date	SRC
https://www.exploit-db.com/exploits/1663	2006-04-11
http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html	2024-08-07
http://secunia.com/advisories/17418	2024-08-07
http://secunia.com/secunia_research/2005-64/advisory	2024-08-07
http://www.osvdb.org/22290	2024-08-07
http://www.securityfocus.com/bid/16187	2024-08-07

URL	Date	SRC
http://secunia.com/advisories/18233	2024-02-14
http://secunia.com/advisories/18260	2024-02-14
http://secunia.com/advisories/18276	2024-02-14
http://secunia.com/advisories/18720	2024-02-14
http://secunia.com/advisories/19555	2024-02-14
http://secunia.com/advisories/19563	2024-02-14
http://secunia.com/advisories/19590	2024-02-14
http://secunia.com/advisories/19591	2024-02-14
http://secunia.com/advisories/19699	2024-02-14
http://www.debian.org/security/2006/dsa-1029	2024-02-14
http://www.debian.org/security/2006/dsa-1030	2024-02-14
http://www.debian.org/security/2006/dsa-1031	2024-02-14
http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml	2024-02-14
http://www.xaraya.com/index.php/news/569	2024-02-14

URL	Date	SRC
http://secunia.com/advisories/18254	2024-02-14
http://secunia.com/advisories/18267	2024-02-14
http://secunia.com/advisories/19600	2024-02-14
http://secunia.com/advisories/19691	2024-02-14
http://secunia.com/advisories/24954	2024-02-14
http://www.vupen.com/english/advisories/2006/0101	2024-02-14
http://www.vupen.com/english/advisories/2006/0103	2024-02-14
http://www.vupen.com/english/advisories/2006/0104	2024-02-14
http://www.vupen.com/english/advisories/2006/0105	2024-02-14
http://www.vupen.com/english/advisories/2006/0370	2024-02-14
http://www.vupen.com/english/advisories/2006/0447	2024-02-14
http://www.vupen.com/english/advisories/2006/1304	2024-02-14
http://www.vupen.com/english/advisories/2006/1305	2024-02-14

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
John Lim Search vendor "John Lim"		Adodb Search vendor "John Lim" for product "Adodb"				4.66 Search vendor "John Lim" for product "Adodb" and version "4.66"		-		Affected
John Lim Search vendor "John Lim"		Adodb Search vendor "John Lim" for product "Adodb"				4.68 Search vendor "John Lim" for product "Adodb" and version "4.68"		-		Affected
Mantis Search vendor "Mantis"		Mantis Search vendor "Mantis" for product "Mantis"				0.19.4 Search vendor "Mantis" for product "Mantis" and version "0.19.4"		-		Affected
Mantis Search vendor "Mantis"		Mantis Search vendor "Mantis" for product "Mantis"				1.0.0_rc4 Search vendor "Mantis" for product "Mantis" and version "1.0.0_rc4"		-		Affected
Mediabeez Search vendor "Mediabeez"		Mediabeez Search vendor "Mediabeez" for product "Mediabeez"				*		-		Affected
Moodle Search vendor "Moodle"		Moodle Search vendor "Moodle" for product "Moodle"				1.5.3 Search vendor "Moodle" for product "Moodle" and version "1.5.3"		-		Affected
Postnuke Software Foundation Search vendor "Postnuke Software Foundation"		Postnuke Search vendor "Postnuke Software Foundation" for product "Postnuke"				0.761 Search vendor "Postnuke Software Foundation" for product "Postnuke" and version "0.761"		-		Affected
The Cacti Group Search vendor "The Cacti Group"		Cacti Search vendor "The Cacti Group" for product "Cacti"				0.8.6g Search vendor "The Cacti Group" for product "Cacti" and version "0.8.6g"		-		Affected