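Vulnerability Details
ADOdb Server.PHP SQL Injection Vulnerability
Vulnerability Summary
The server.php script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, allows remote attackers to execute arbitrary SQL commands via the sql parameter when the MySQL root password is empty.
Vulnerability Advisory
The vendors have released upgrade patches that fix this security issue. Patch download links: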
Mantis Mantis 0.19.4
Mantis mantis-1.0.0.tar.gz
http://prdownloads.sourceforge.net/mantisbt/mantis-1.0.0.tar.gz
Cisco Aironet 340 BR340 Firmware 0.761
PostNuke PostNuke 0.761a
http://news.postnuke.com/Downloads-req-getit-lid-517.html
Planet Technology WSW-2401 0.8.6 g
Cacti cacti-0.8.6h.tar.gz
http://www.cacti.net/downloads/cacti-0.8.6h.tar.gz
Mantis Mantis 1.0 .0RC4
Mantis mantis-1.0.0.tar.gz
http://prdownloads.sourceforge.net/mantisbt/mantis-1.0.0.tar.gz
LifeType LifeType 1.0.2
LifeType lifetype-1.0.3.tar.gz
http://prdownloads.sourceforge.net/lifetype/lifetype-1.0.3.tar.gz
BEA Systems Weblogic Proxy Plugin 1.5.3
Moodle moodle-latest.tgz
This is the latest development version that will become version 1.3 of the software. The fix for this issue has been incorporated into the product and will be included in the next official release.
http://moodle.org/download.php/moodle/moodle-latest.tgz
phpESP phpESP 1.7
phpESP phpESP-1.8.2.tar.gz
http://prdownloads.sourceforge.net/phpesp/phpESP-1.8.2.tar.gz
phpESP phpESP 1.7.1
phpESP phpESP-1.8.2.tar.gz
http://prdownloads.sourceforge.net/phpesp/phpESP-1.8.2.tar.gz
phpESP phpESP 1.7.2
phpESP phpESP-1.8.2.tar.gz
http://prdownloads.sourceforge.net/phpesp/phpESP-1.8.2.tar.gz
phpESP phpESP 1.7.5 -dev2
phpESP phpESP-1.8.2.tar.gz
http://prdownloads.sourceforge.net/phpesp/phpESP-1.8.2.tar.gz
phpESP phpESP 1.7.5
phpESP phpESP-1.8.2.tar.gz
http://prdownloads.sourceforge.net/phpesp/phpESP-1.8.2.tar.gz
phpESP phpESP 1.7.5 -dev
phpESP phpESP-1.8.2.tar.gz
http://prdownloads.sourceforge.net/phpesp/phpESP-1.8.2.tar.gz
phpESP phpESP 1.7.5 -dev3
phpESP phpESP-1.8.2.tar.gz
http://prdownloads.sourceforge.net/phpesp/phpESP-1.8.2.tar.gz
phpESP phpESP 1.8 -rc1
phpESP phpESP-1.8.2.tar.gz
http://prdownloads.sourceforge.net/phpesp/phpESP-1.8.2.tar.gz
phpESP phpESP 1.8.1
phpESP phpESP-1.8.2.tar.gz
http://prdownloads.sourceforge.net/phpesp/phpESP-1.8.2.tar.gz
ADOdb ADOdb 4.66
ADOdb adodb470.tgz
http://prdownloads.sourceforge.net/adodb/adodb470.tgz
ADOdb ADOdb 4.68
ADOdb adodb470.tgz
http://prdownloads.sourceforge.net/adodb/adodb470.tgz
References
Source: www.xaraya.com
Link: http://www.xaraya.com/index.php/news/569
Source: BID
Name: 16187
Link: http://www.securityfocus.com/bid/16187
Source: BUGTRAQ
Name: 20060202 Bug for libs in php link directory 2.0
Link: http://www.securityfocus.com/archive/1/archive/1/423784/100/0/threaded
Source: OSVDB
Name: 22290
Link: http://www.osvdb.org/22290
Source: GENTOO
Name: GLSA-200604-07
Link: http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml
Source: VUPEN
Name: ADV-2006-1419
Link: http://www.frsirt.com/english/advisories/2006/1419
Source: VUPEN
Name: ADV-2006-1304
Link: http://www.frsirt.com/english/advisories/2006/1304
Source: VUPEN
Name: ADV-2006-0447
Link: http://www.frsirt.com/english/advisories/2006/0447
Source: VUPEN
Name: ADV-2006-0370
Link: http://www.frsirt.com/english/advisories/2006/0370
Source: VUPEN
Name: ADV-2006-0105
Link: http://www.frsirt.com/english/advisories/2006/0105
Source: VUPEN
Name: ADV-2006-0104
Link: http://www.frsirt.com/english/advisories/2006/0104
Source: VUPEN
Name: ADV-2006-0103
Link: http://www.frsirt.com/english/advisories/2006/0103
Source: VUPEN
Name: ADV-2006-0101
Link: http://www.frsirt.com/english/advisories/2006/0101
Source: DEBIAN
Name: DSA-1031
Link: http://www.debian.org/security/2006/dsa-1031
Source: DEBIAN
Name: DSA-1030
Link: http://www.debian.org/security/2006/dsa-1030
Source: DEBIAN
Name: DSA-1029
Link: http://www.debian.org/security/2006/dsa-1029
Source: MISC
Link: http://secunia.com/secunia_research/2005-64/advisory/
Source: SECUNIA
Name: 19699
Link: http://secunia.com/advisories/19699
Source: SECUNIA
Name: 19591
Link: http://secunia.com/advisories/19591
Source: SECUNIA
Name: 19590
Link: http://secunia.com/advisories/19590
Source: SECUNIA
Name: 19563
Link: http://secunia.com/advisories/19563
Source: SECUNIA
Name: 19555
Link: http://secunia.com/advisories/19555
Source: SECUNIA
Name: 18720
Link: http://secunia.com/advisories/18720
Source: SECUNIA
Name: 18276
Link: http://secunia.com/advisories/18276
Source: SECUNIA
Name: 18260
Link: http://secunia.com/advisories/18260
Source: SECUNIA
Name: 18233
Link: http://secunia.com/advisories/18233
Source: SECUNIA
Name: 17418
Link: http://secunia.com/advisories/17418
Source: XF
Name: adodb-server-command-execution(24051)
Link: http://xforce.iss.net/xforce/xfdb/24051
Source: BUGTRAQ
Name: 20070418 MediaBeez Sql query Execution .. Wear isn't ?? :)
Link: http://www.securityfocus.com/archive/1/archive/1/466171/100/0/threaded
Source: BUGTRAQ
Name: 20060409 PhpOpenChat 3.0.x ADODB Server.php "sql" SQL injection
Link: http://www.securityfocus.com/archive/1/archive/1/430448/100/0/threaded
Source: www.maxdev.com
Link: http://www.maxdev.com/Article550.phtml
Source: VUPEN
Name: ADV-2006-1305
Link: http://www.frsirt.com/english/advisories/2006/1305
Source: VUPEN
Name: ADV-2006-0102
Link: http://www.frsirt.com/english/advisories/2006/0102
Source: SREASON
Name: 713
Link: http://securityreason.com/securityalert/713
Source: SECUNIA
Name: 24954
Link: http://secunia.com/advisories/24954
Source: SECUNIA
Name: 19691
Link: http://secunia.com/advisories/19691
Source: SECUNIA
Name: 19600
Link: http://secunia.com/advisories/19600
Source: SECUNIA
Name: 18267
Link: http://secunia.com/advisories/18267
Source: SECUNIA
Name: 18254
Link: http://secunia.com/advisories/18254
Source: MISC
Link: http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html
Affected Entities
- The_cacti_group Cacti:0.8.6g
Patches
None available