ISS X-Force Database: adodb-server-command-execution(24051): ADOdb server.php SQL command execution

ADOdb server.php SQL command execution

adodb-server-command-execution (24051)

Medium Risk

Description:

ADOdb is a database connectivity library for PHP. Multiple PHP-based applications using versions of ADOdb prior to 4.70 could allow a remote attacker to execute arbitrary SQL commands on the server. If the MySQL root password is empty and the server.php script is located within the Web root, a remote attacker could send a specially-crafted URL request to the server.php script using the "sql" parameter to execute arbitrary SQL commands.

This vulnerability affects the following PHP-based applications: Mantis, PostNuke, Moodle, and Cacti.

Platforms Affected:

Cacti, Cacti 0.8.6g
Debian, Debian Linux 3.0
Debian, Debian Linux 3.1
Gentoo, Linux
John Lim, ADOdb prior to 4.70
Mantis, Mantis 0.19.4
Mantis, Mantis 1.0.0 rc4
Moodle, Moodle 1.5.3
PostNuke, PostNuke 0.761

Remedy:

Upgrade to the latest version of ADOdb (4.70-for-php or later), available from SourceForge.net. Se References.

For Cacti:
Upgrade to the latest version of Cacti (0.8.6.h or later), available from the Cacti Web site. See References.

For Moodle:
Upgrade to the latest version of Moodle (1.5.3+ or later), available from the Moodle Web site. See References.

For PostNuke:
Upgrade to the latest version of PostNuke (0.761a or later), available from the PostNuke Web site. See References.

For Debian GNU/Linux:
Refer to DSA-1029-1, DSA-1030-1, and DSA-1031-1 for patch, upgrade, or suggested workaround information. See References.

For Gentoo Linux:
Refer to Gentoo Linux Security Announcement GLSA 2006-04-07 for patch, upgrade, or suggested workaround information. See References.

Consequences:

Gain Access

References:

Cacti Web site, Download Cacti at http://www.cacti.net/download_cacti.php.
Moodle Web site, Moodle: Download at http://download.moodle.org/?lang=.
PostNuke Web site, Downloads at http://news.postnuke.com/modules.php?op=modload&name=Downloads&file=index&req=viewdownload&cid=1.
SourceForge.net: ADOdb, Latest File Releases at http://sourceforge.net/project/showfiles.php?group_id=42718.
BID-16187: ADOdb Server.PHP SQL Injection Vulnerability
CVE-2006-0146: The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.
DSA-1029: libphp-adodb -- several vulnerabilities
DSA-1030: moodle -- several vulnerabilities
DSA-1031: cacti -- several vulnerabilities
GLSA-200604-07: Cacti: Multiple vulnerabilities in included ADOdb
OSVDB ID: 22290: ADOdb server.php sql Variable SQL Injection
SA17418: ADOdb Insecure Test Scripts Security Issues
SA18233: Xaraya ADOdb Insecure Test Scripts Security Issues
SA18254: Mantis ADOdb Insecure Test Scripts Security Issues
SA18260: PostNuke ADOdb "server.php" Insecure Test Script Security Issue
SA18267: Moodle ADOdb Insecure Test Scripts Security Issues
SA18276: Cacti ADOdb "server.php" Insecure Test Script Security Issue
SA18720: AgileBill ADOdb server.php Insecure Test Script Security Issue
SA19563: MAXdev MD-Pro ADOdb "server.php" Insecure Test Script Security Issue
SA19600: PHPOpenChat ADOdb Insecure Test Scripts Security Issues
SA19699: LifeType ADOdb "server.php" Insecure Test Script Security Issue
SA24954: MediaBeez "server.php" SQL Execution Vulnerability
VUPEN/ADV-2006-0101: ADOdb Multiple Test Scripts Remote Command Execution Vulnerabilities
VUPEN/ADV-2006-0102: Mantis ADOdb Test Scripts Remote Command Execution Vulnerabilities
VUPEN/ADV-2006-0103: Moodle ADOdb Test Scripts Remote Command Execution Vulnerabilities
VUPEN/ADV-2006-0104: Cacti ADOdb server.php Test Script Remote Code Execution Issue
VUPEN/ADV-2006-0105: PostNuke ADOdb server.php Test Script Remote Code Execution Issue
VUPEN/ADV-2006-0370: Xaraya ADOdb Test Scripts Remote Command Execution Vulnerability
VUPEN/ADV-2006-0447: AgileBill ADOdb server.php Test Script Remote Code Execution Issue
VUPEN/ADV-2006-1304: MAXdev MD-Pro ADOdb server.php Test Script Remote Code Execution Issue
VUPEN/ADV-2006-1305: PHPOpenChat ADOdb Test Scripts Remote Command Execution Vulnerabilities
VUPEN/ADV-2006-1419: LifeType ADOdb server.php Test Script Remote Code Execution Vulnerability

Reported:

Jan 09, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page