VYPR
Unrated severityNVD Advisory· Published Jan 9, 2006· Updated Jun 16, 2026

CVE-2006-0146

CVE-2006-0146

Description

The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

9
  • Adodb/Adodb3 versions
    cpe:2.3:a:john_lim:adodb:4.66:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:john_lim:adodb:4.66:*:*:*:*:*:*:*
    • cpe:2.3:a:john_lim:adodb:4.68:*:*:*:*:*:*:*
    • (no CPE)range: <4.70
  • Mantisbt/Mantis2 versions
    cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mantis:mantis:1.0.0_rc4:*:*:*:*:*:*:*
  • cpe:2.3:a:mediabeez:mediabeez:*:*:*:*:*:*:*:*
  • cpe:2.3:a:moodle:moodle:1.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:postnuke_software_foundation:postnuke:0.761:*:*:*:*:*:*:*
  • cpe:2.3:a:the_cacti_group:cacti:0.8.6g:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

40

News mentions

0

No linked articles in our index yet.