Vulnerability Name:

CVE-2006-0410 (CCN-24314)

Assigned:2006-01-24
Published:2006-01-24
Updated:2017-07-20
Summary:SQL injection vulnerability in ADOdb before 4.71, when using PostgreSQL, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors involving binary strings.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Data Manipulation
References:Source: MITRE
Type: CNA
CVE-2006-0410

Source: CCN
Type: SA18575
ADOdb PostgreSQL SQL Injection Vulnerability

Source: SECUNIA
Type: Patch, Vendor Advisory
18575

Source: CCN
Type: SA18732
PHP Link Directory ADOdb and PHPMailer Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
18732

Source: SECUNIA
Type: UNKNOWN
18745

Source: SECUNIA
Type: UNKNOWN
19555

Source: SECUNIA
Type: UNKNOWN
19590

Source: SECUNIA
Type: UNKNOWN
19591

Source: SECUNIA
Type: UNKNOWN
19691

Source: CCN
Type: SourceForge.net: ADOdb
Latest File Releases

Source: CONFIRM
Type: Patch
http://sourceforge.net/project/shownotes.php?release_id=387862&group_id=42718

Source: DEBIAN
Type: UNKNOWN
DSA-1029

Source: DEBIAN
Type: UNKNOWN
DSA-1030

Source: DEBIAN
Type: UNKNOWN
DSA-1031

Source: DEBIAN
Type: DSA-1029
libphp-adodb -- several vulnerabilities

Source: DEBIAN
Type: DSA-1030
moodle -- several vulnerabilities

Source: DEBIAN
Type: DSA-1031
cacti -- several vulnerabilities

Source: CCN
Type: GLSA-200602-02
ADOdb: PostgresSQL command injection

Source: GENTOO
Type: UNKNOWN
GLSA-200602-02

Source: CCN
Type: GLSA-200604-07
Cacti: Multiple vulnerabilities in included ADOdb

Source: GENTOO
Type: UNKNOWN
GLSA-200604-07

Source: OSVDB
Type: UNKNOWN
22705

Source: CCN
Type: OSVDB ID: 22705
ADOdb PostgreSQL Binary String SQL Injection

Source: CCN
Type: PHP Link Directory Web site
PHP Link Directory

Source: BID
Type: UNKNOWN
16364

Source: CCN
Type: BID-16364
ADOdb PostgreSQL SQL Injection Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2006-0315

Source: VUPEN
Type: UNKNOWN
ADV-2006-0448

Source: XF
Type: UNKNOWN
adodb-postgresql-sql-injection(24314)

Source: XF
Type: UNKNOWN
adodb-postgresql-sql-injection(24314)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:john_lim:adodb:4.66:*:*:*:*:*:*:*
  • OR cpe:/a:john_lim:adodb:4.68:*:*:*:*:*:*:*
  • OR cpe:/a:john_lim:adodb:4.70:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:john_lim:adodb:4.70:*:*:*:*:*:*:*
  • OR cpe:/a:john_lim:adodb:4.68:*:*:*:*:*:*:*
  • OR cpe:/a:john_lim:adodb:4.66:*:*:*:*:*:*:*
  • AND
  • cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.debian:def:1029
    V
    		several vulnerabilities
    2006-04-08
    oval:org.debian:def:1030
    V
    		several vulnerabilities
    2006-04-08
    oval:org.debian:def:1031
    V
    		several vulnerabilities
    2006-04-08
    BACK
    john_lim adodb 4.66
    john_lim adodb 4.68
    john_lim adodb 4.70
    john_lim adodb 4.70
    john_lim adodb 4.68
    john_lim adodb 4.66
    debian debian linux 3.0
    gentoo linux *
    debian debian linux 3.1