CVE-2006-0146
cacti - several
EPSS 9.5%
Description
The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.
How to fix CVE-2006-0146
To remediate CVE-2006-0146, upgrade the affected package to one of the fixed versions listed below.
- Debian/cacti—upgrade to 0.8.6d-1 or later
- Debian/cacti—upgrade to 0.8.6c-7sarge3 or later
- —upgrade to 4.72-0.1 or later
- —upgrade to 1.51-1.2 or later
- —upgrade to 1.4.4.dfsg.1-3sarge1 or later
Is CVE-2006-0146 being exploited?
Moderate — EPSS is 9.5%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (5)
- from 0, < 0.8.6d-1
- from 0, < 0.8.6c-7sarge3
- from 0, < 4.72-0.1
- from 0, < 1.51-1.2
- from 0, < 1.4.4.dfsg.1-3sarge1