CVE-2006-0147
EPSS 29.7%
Description
Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo.
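An added example, not from this advisory or the ADOdb project: a Python check that scans web server access logs for requests to the tests/tmssql.php script named above and reports any do query parameter they carry. It assumes common/combined log format; the function name, the sample lines and their path prefixes are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote, parse_qs

# Request line inside a common/combined access-log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
SCRIPT_SUFFIX = "/tests/tmssql.php"  # script path named in the CVE description


def find_tmssql_hits(log_lines):
    """Return (client, method, do_value) for each request to tests/tmssql.php.

    do_value is None when the query string has no `do` parameter; the hit is
    still reported because it shows the test script was requested.
    """
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a parseable access-log entry
        parts = urlsplit(m.group("target"))
        # Decode percent-escapes, collapse duplicate slashes, ignore case
        path = re.sub(r"/+", "/", unquote(parts.path)).lower()
        if not path.endswith(SCRIPT_SUFFIX):
            continue
        params = parse_qs(parts.query, keep_blank_values=True)
        do_value = params.get("do", [None])[0]
        client = line.split(" ", 1)[0]
        hits.append((client, m.group("method"), do_value))
    return hits


# Constructed sample log lines (documentation IP ranges, hypothetical /app and
# /site prefixes); not real traffic and not paths taken from any product.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Jan/2006:10:00:01 +0000] "GET /app/index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Jan/2006:10:00:05 +0000] "GET /app/adodb/tests/tmssql.php?do=phpinfo HTTP/1.1" 200 40213',
    '198.51.100.7 - - [10/Jan/2006:10:00:09 +0000] "GET /site/adodb/tests/%74mssql.php?x=1&do=phpinfo HTTP/1.0" 200 40213',
    '203.0.113.4 - - [10/Jan/2006:10:02:00 +0000] "GET /adodb//tests/TMSSQL.PHP HTTP/1.1" 404 210',
    '192.0.2.10 - - [10/Jan/2006:10:03:00 +0000] "GET /docs/tmssql.php.txt?do=x HTTP/1.1" 200 12',
]

if __name__ == "__main__":
    for client, method, do_value in find_tmssql_hits(SAMPLE_LOG):
        print(f"{client} {method} tests/tmssql.php do={do_value!r}")
```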
How to fix CVE-2006-0147
To remediate CVE-2006-0147, upgrade the affected package to a fixed version below.
- Debian/cacti—upgrade to 0.8.6d-1 or later
- Debian/libphp-adodb—upgrade to 4.72-0.1 or later
Is CVE-2006-0147 being exploited?
Moderate — EPSS is 29.7%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- Debian/cacti: from 0, < 0.8.6d-1
- Debian/libphp-adodb: from 0, < 4.72-0.1