2
Candidate: CVE-2006-4976
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4976
6
The Date Library in John Lim ADOdb Library for PHP allows remote attackers
7
to obtain sensitive information via a direct request for (1) server.php,
8
(2) adodb-errorpear.inc.php, (3) adodb-iterator.inc.php, (4)
9
adodb-pear.inc.php, (5) adodb-perf.inc.php, (6) adodb-xmlschema.inc.php,
10
and (7) adodb.inc.php; files in datadict including (8)
11
datadict-access.inc.php, (9) datadict-db2.inc.php, (10)
12
datadict-generic.inc.php, (11) datadict-ibase.inc.php, (12)
13
datadict-informix.inc.php, (13) datadict-mssql.inc.php, (14)
14
datadict-mysql.inc.php, (15) datadict-oci8.inc.php, (16)
15
datadict-postgres.inc.php, and (17) datadict-sybase.inc.php; files in
16
drivers/ including (18) adodb-access.inc.php, (19) adodb-ado.inc.php, (20)
17
adodb-ado_access.inc.php, (21) adodb-ado_mssql.inc.php, (22)
18
adodb-borland_ibase.inc.php, (23) adodb-csv.inc.php, (24)
19
adodb-db2.inc.php, (25) adodb-fbsql.inc.php, (26) adodb-firebird.inc.php,
20
(27) adodb-ibase.inc.php, (28) adodb-informix.inc.php, (29)
21
adodb-informix72.inc.php, (30) adodb-mssql.inc.php, (31)
22
adodb-mssqlpo.inc.php, (32) adodb-mysql.inc.php, (33) adodb-mysqli.inc.php,
23
(34) adodb-mysqlt.inc.php, (35) adodb-oci8.inc.php, (36)
24
adodb-oci805.inc.php, (37) adodb-oci8po.inc.php, (38) adodb-odbc.inc.php,
25
(39) adodb-odbc_mssql.inc.php, (40) adodb-odbc_oracle.inc.php, (41)
26
adodb-oracle.inc.php, (42) adodb-postgres64.inc.php, (43)
27
adodb-postgres7.inc.php, (44) adodb-proxy.inc.php, (45)
28
adodb-sapdb.inc.php, (46) adodb-sqlanywhere.inc.php, (47)
29
adodb-sqlite.inc.php, (48) adodb-sybase.inc.php, (49) adodb-vfp.inc.php;
30
file in perf/ including (50) perf-db2.inc.php, (51) perf-informix.inc.php,
31
(52) perf-mssql.inc.php, (53) perf-mysql.inc.php, (54) perf-oci8.inc.php,
32
(55) perf-postgres.inc.php; tests/ files (56) benchmark.php, (57)
33
client.php, (58) test-datadict.php, (59) test-perf.php, (60)
34
test-pgblob.php, (61) test-php5.php, (62) test-xmlschema.php, (63)
35
test.php, (64) test2.php, (65) test3.php, (66) test4.php, (67) test5.php,
36
(68) test_rs_array.php, (69) testcache.php, (70) testdatabases.inc.php,
37
(71) testgenid.php, (72) testmssql.php, (73) testoci8.php, (74)
38
testoci8cursor.php, (75) testpaging.php, (76) testpear.php, (77)
39
testsessions.php, (78) time.php, or (79) tmssql.php, which reveals the path
40
in various error messages.
43
mdeslaur> when using packages, full path is known anyway...not a security
52
dapper_libphp-adodb: ignored (reached end-of-life)
53
edgy_libphp-adodb: needed (reached end-of-life)
54
feisty_libphp-adodb: needed (reached end-of-life)
55
gutsy_libphp-adodb: needed (reached end-of-life)
56
hardy_libphp-adodb: not-affected
57
intrepid_libphp-adodb: not-affected
58
jaunty_libphp-adodb: not-affected
59
karmic_libphp-adodb: not-affected
60
devel_libphp-adodb: not-affected
61
upstream_libphp-adodb: