{"id":"CVE-2006-0147","details":"Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo.","modified":"2026-04-10T03:37:21.049328Z","published":"2006-01-09T23:03:00Z","references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/17418"},{"type":"ADVISORY","url":"http://secunia.com/advisories/18233"},{"type":"ADVISORY","url":"http://secunia.com/advisories/18254"},{"type":"ADVISORY","url":"http://secunia.com/advisories/18260"},{"type":"ADVISORY","url":"http://secunia.com/advisories/18267"},{"type":"ADVISORY","url":"http://secunia.com/advisories/18276"},{"type":"ADVISORY","url":"http://secunia.com/advisories/19555"},{"type":"ADVISORY","url":"http://secunia.com/advisories/19590"},{"type":"ADVISORY","url":"http://secunia.com/advisories/19591"},{"type":"ADVISORY","url":"http://secunia.com/advisories/19600"},{"type":"ADVISORY","url":"http://secunia.com/advisories/19628"},{"type":"ADVISORY","url":"http://secunia.com/advisories/19691"},{"type":"ADVISORY","url":"http://secunia.com/secunia_research/2005-64/advisory/"},{"type":"ADVISORY","url":"http://www.debian.org/security/2006/dsa-1029"},{"type":"ADVISORY","url":"http://www.debian.org/security/2006/dsa-1030"},{"type":"ADVISORY","url":"http://www.debian.org/security/2006/dsa-1031"},{"type":"ADVISORY","url":"http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2006/0101"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2006/0102"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2006/0103"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2006/0104"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2006/1305"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2006/1332"},{"type":"EVIDENCE","url":"http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html"},{"type":"EVIDENCE","url":"http://retrogod.altervista.org/simplog_092_incl_xpl.html"},{"type":"EVIDENCE","url":"http://secunia.com/advisories/17418"},{"type":"EVIDENCE","url":"http://secunia.com/secunia_research/2005-64/advisory/"},{"type":"FIX","url":"http://secunia.com/advisories/17418"},{"type":"FIX","url":"http://secunia.com/advisories/18233"},{"type":"FIX","url":"http://secunia.com/advisories/18254"},{"type":"FIX","url":"http://secunia.com/advisories/18260"},{"type":"FIX","url":"http://secunia.com/advisories/18276"},{"type":"FIX","url":"http://secunia.com/advisories/19555"},{"type":"FIX","url":"http://secunia.com/advisories/19590"},{"type":"FIX","url":"http://secunia.com/advisories/19591"},{"type":"FIX","url":"http://secunia.com/advisories/19628"},{"type":"FIX","url":"http://secunia.com/secunia_research/2005-64/advisory/"},{"type":"FIX","url":"http://www.debian.org/security/2006/dsa-1029"},{"type":"FIX","url":"http://www.debian.org/security/2006/dsa-1030"},{"type":"FIX","url":"http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"},{"type":"WEB","url":"http://www.osvdb.org/22291"},{"type":"WEB","url":"http://www.securityfocus.com/archive/1/430448/100/0/threaded"},{"type":"WEB","url":"http://www.securityfocus.com/archive/1/430743/100/0/threaded"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/24052"},{"type":"WEB","url":"https://www.exploit-db.com/exploits/1663"}],"schema_version":"1.7.5"}