Description
The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.