| VID | 21985 |
| Severity | 40 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | The ADOdb library is vulnerable to remote command execution via the 'tmssql.php' script. ADOdb is a PHP and Python database class library that provides more powerful abstractions for performing queries and managing databases. Multiple PHP-based applications using versions of ADOdb prior to 4.70 are vulnerable to remote command execution caused by improper validation of user-supplied input passed to the 'tmssql.php' script. By sending a specially crafted HTTP URL request to the 'tmssql.php' script using the 'do' parameter, a remote attacker could obtain sensitive information and execute arbitrary code on the affected system. |
| References | http://secunia.com/advisories/17418/ , http://secunia.com/secunia_research/2005-64/advisory/ |
| Platforms Affected | ADOdb versions prior to 4.70; Any operating system, Any version |
| Recommendation | Upgrade to the latest version of ADOdb (4.70 or later), available from the ADOdb Project Web page at http://sourceforge.net/project/showfiles.php?group_id=42718 |
| Related URL | CVE-2006-0147 (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | 24052 (ISS) |