Unrated severityNVD Advisory· Published Jan 9, 2006· Updated Jun 16, 2026
CVE-2006-0147
CVE-2006-0147
Description
Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8- cpe:2.3:a:the_cacti_group:cacti:0.8.6g:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
30- secunia.com/advisories/18233nvdPatchVendor Advisory
- secunia.com/advisories/18254nvdPatchVendor Advisory
- secunia.com/advisories/18260nvdPatchVendor Advisory
- secunia.com/advisories/18276nvdPatchVendor Advisory
- secunia.com/advisories/19555nvdPatchVendor Advisory
- secunia.com/advisories/19590nvdPatchVendor Advisory
- secunia.com/advisories/19591nvdPatchVendor Advisory
- secunia.com/advisories/19628nvdPatchVendor Advisory
- www.debian.org/security/2006/dsa-1029nvdPatchVendor Advisory
- www.debian.org/security/2006/dsa-1030nvdPatchVendor Advisory
- www.gentoo.org/security/en/glsa/glsa-200604-07.xmlnvdPatchVendor Advisory
- retrogod.altervista.org/phpopenchat_30x_sql_xpl.htmlnvdExploit
- retrogod.altervista.org/simplog_092_incl_xpl.htmlnvdExploit
- secunia.com/advisories/17418nvdExploitPatchVendor Advisory
- secunia.com/secunia_research/2005-64/advisory/nvdExploitPatchVendor Advisory
- secunia.com/advisories/18267nvdVendor Advisory
- secunia.com/advisories/19600nvdVendor Advisory
- secunia.com/advisories/19691nvd
- www.debian.org/security/2006/dsa-1031nvd
- www.osvdb.org/22291nvd
- www.securityfocus.com/archive/1/430448/100/0/threadednvd
- www.securityfocus.com/archive/1/430743/100/0/threadednvd
- www.vupen.com/english/advisories/2006/0101nvd
- www.vupen.com/english/advisories/2006/0102nvd
- www.vupen.com/english/advisories/2006/0103nvd
- www.vupen.com/english/advisories/2006/0104nvd
- www.vupen.com/english/advisories/2006/1305nvd
- www.vupen.com/english/advisories/2006/1332nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/24052nvd
- www.exploit-db.com/exploits/1663nvd
News mentions
0No linked articles in our index yet.