{
  "schema_version": "1.4.0",
  "id": "GHSA-8348-4394-v2hm",
  "modified": "2025-04-03T04:24:52Z",
  "published": "2022-05-01T06:37:35Z",
  "aliases": [
    "CVE-2006-0147"
  ],
  "details": "Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo.",
  "severity": [],
  "affected": [],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-0147"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24052"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/1663"
    },
    {
      "type": "WEB",
      "url": "http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html"
    },
    {
      "type": "WEB",
      "url": "http://retrogod.altervista.org/simplog_092_incl_xpl.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/17418"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/18233"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/18254"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/18260"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/18267"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/18276"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/19555"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/19590"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/19591"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/19600"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/19628"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/19691"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/secunia_research/2005-64/advisory"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2006/dsa-1029"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2006/dsa-1030"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2006/dsa-1031"
    },
    {
      "type": "WEB",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/22291"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/430448/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/430743/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/0101"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/0102"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/0103"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/0104"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/1305"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/1332"
    }
  ],
  "database_specific": {
    "cwe_ids": [],
    "severity": "HIGH",
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-01-09T23:03:00Z"
  }
}