MidnightBSD

Advisories for mediabeez

CVE-2006-0146 HIGH

The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
mediabeez mediabeez *
moodle moodle 1.5.3
john_lim adodb 4.66
postnuke_software_foundation postnuke 0.761
john_lim adodb 4.68
mantis mantis 0.19.4
mantis mantis 1.0.0_rc4
the_cacti_group cacti 0.8.6g