{"id":"CVE-2006-0146","details":"The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.","modified":"2026-01-27T04:06:25.862987Z","published":"2006-01-09T23:03:00Z","withdrawn":"2026-01-27T04:06:25.862987Z","references":[{"type":"FIX","url":"http://secunia.com/advisories/17418"},{"type":"FIX","url":"http://secunia.com/advisories/18233"},{"type":"ADVISORY","url":"http://secunia.com/advisories/18254"},{"type":"FIX","url":"http://secunia.com/advisories/18260"},{"type":"ADVISORY","url":"http://secunia.com/advisories/18267"},{"type":"FIX","url":"http://secunia.com/advisories/18276"},{"type":"FIX","url":"http://secunia.com/advisories/18720"},{"type":"FIX","url":"http://secunia.com/advisories/19555"},{"type":"FIX","url":"http://secunia.com/advisories/19563"},{"type":"FIX","url":"http://secunia.com/advisories/19590"},{"type":"FIX","url":"http://secunia.com/advisories/19591"},{"type":"ADVISORY","url":"http://secunia.com/advisories/19600"},{"type":"ADVISORY","url":"http://secunia.com/advisories/19691"},{"type":"FIX","url":"http://secunia.com/advisories/19699"},{"type":"ADVISORY","url":"http://secunia.com/advisories/24954"},{"type":"FIX","url":"http://secunia.com/secunia_research/2005-64/advisory/"},{"type":"FIX","url":"http://www.debian.org/security/2006/dsa-1029"},{"type":"FIX","url":"http://www.debian.org/security/2006/dsa-1030"},{"type":"FIX","url":"http://www.debian.org/security/2006/dsa-1031"},{"type":"FIX","url":"http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2006/0101"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2006/0102"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2006/0103"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2006/0104"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2006/0105"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2006/0370"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2006/0447"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2006/1304"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2006/1305"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2006/1419"},{"type":"EVIDENCE","url":"http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html"},{"type":"FIX","url":"http://www.osvdb.org/22290"},{"type":"FIX","url":"http://www.securityfocus.com/bid/16187"},{"type":"FIX","url":"http://www.xaraya.com/index.php/news/569"},{"type":"WEB","url":"http://securityreason.com/securityalert/713"},{"type":"WEB","url":"http://www.maxdev.com/Article550.phtml"},{"type":"WEB","url":"http://www.securityfocus.com/archive/1/423784/100/0/threaded"},{"type":"WEB","url":"http://www.securityfocus.com/archive/1/430448/100/0/threaded"},{"type":"WEB","url":"http://www.securityfocus.com/archive/1/466171/100/0/threaded"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/24051"}],"schema_version":"1.7.3"}