Unrated severityNVD Advisory· Published Jan 9, 2006· Updated Apr 16, 2026

CVE-2006-0146

Description

The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.

Affected products

John Lim/Adodb2 versions
cpe:2.3:a:john_lim:adodb:4.66:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:john_lim:adodb:4.66:*:*:*:*:*:*:*
- cpe:2.3:a:john_lim:adodb:4.68:*:*:*:*:*:*:*
Mantis/Mantis2 versions
cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*
- cpe:2.3:a:mantis:mantis:1.0.0_rc4:*:*:*:*:*:*:*
Mediabeez/Mediabeez
cpe:2.3:a:mediabeez:mediabeez:*:*:*:*:*:*:*:*
Moodle/Moodle
cpe:2.3:a:moodle:moodle:1.5.3:*:*:*:*:*:*:*
Phpnuke/Postnuke
cpe:2.3:a:postnuke_software_foundation:postnuke:0.761:*:*:*:*:*:*:*
The Cacti Group/Cacti
cpe:2.3:a:the_cacti_group:cacti:0.8.6g:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/18233nvdPatchVendor Advisory
secunia.com/advisories/18260nvdPatchVendor Advisory
secunia.com/advisories/18276nvdPatchVendor Advisory
secunia.com/advisories/18720nvdPatchVendor Advisory
secunia.com/advisories/19555nvdPatchVendor Advisory
secunia.com/advisories/19563nvdPatchVendor Advisory
secunia.com/advisories/19590nvdPatchVendor Advisory
secunia.com/advisories/19591nvdPatchVendor Advisory
secunia.com/advisories/19699nvdPatchVendor Advisory
www.debian.org/security/2006/dsa-1029nvdPatchVendor Advisory
www.debian.org/security/2006/dsa-1030nvdPatchVendor Advisory
www.debian.org/security/2006/dsa-1031nvdPatchVendor Advisory
www.gentoo.org/security/en/glsa/glsa-200604-07.xmlnvdPatchVendor Advisory
www.xaraya.com/index.php/news/569nvdPatch
retrogod.altervista.org/phpopenchat_30x_sql_xpl.htmlnvdExploit
secunia.com/advisories/17418nvdExploitPatchVendor Advisory
secunia.com/secunia_research/2005-64/advisory/nvdExploitPatchVendor Advisory
www.osvdb.org/22290nvdExploitPatch
www.securityfocus.com/bid/16187nvdExploitPatch
secunia.com/advisories/18254nvdVendor Advisory
secunia.com/advisories/18267nvdVendor Advisory
secunia.com/advisories/19600nvdVendor Advisory
secunia.com/advisories/19691nvdVendor Advisory
secunia.com/advisories/24954nvdVendor Advisory
www.vupen.com/english/advisories/2006/0101nvdVendor Advisory
www.vupen.com/english/advisories/2006/0103nvdVendor Advisory
www.vupen.com/english/advisories/2006/0104nvdVendor Advisory
www.vupen.com/english/advisories/2006/0105nvdVendor Advisory
www.vupen.com/english/advisories/2006/0370nvdVendor Advisory
www.vupen.com/english/advisories/2006/0447nvdVendor Advisory
www.vupen.com/english/advisories/2006/1304nvdVendor Advisory
www.vupen.com/english/advisories/2006/1305nvdVendor Advisory
www.maxdev.com/Article550.phtmlnvdURL Repurposed
securityreason.com/securityalert/713nvd
www.securityfocus.com/archive/1/423784/100/0/threadednvd
www.securityfocus.com/archive/1/430448/100/0/threadednvd
www.securityfocus.com/archive/1/466171/100/0/threadednvd
www.vupen.com/english/advisories/2006/0102nvd
www.vupen.com/english/advisories/2006/1419nvd
exchange.xforce.ibmcloud.com/vulnerabilities/24051nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.008
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000