Adodb Multiple Test Scripts Remote Command Execution ...

Posted by tadelste on Jan 9, 2006 2:47 PM EDT
FrSIRT		Mail this story
Print this story

Two vulnerabilities were identified in ADOdb, which could be exploited by remote attackers to execute arbitrary commands. The first issue is due to an input validation error in the "server.php" test script that does not properly validate the "sql" variable, which could be exploited by attackers to execute arbitrary SQL queries (when the MySQL password for the root user is empty). The second flaw is due to an input validation error in the "tests/tmssql.php" test script that does not properly validate the "do" parameter, which could be exploited by remote attackers to call arbitrary PHP functions.

Full Story

  Nav
» Read more about: Story Type: News Story; Groups: MySQL

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.