Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-9x72-e9wx-mqf4
Vulnerability ID VCID-9x72-e9wx-mqf4
Aliases CVE-2006-0146
Summary Multiple vulnerabilities have been discovered in the ADOdb layer included in Cacti, potentially resulting in the execution of arbitrary code.
Status Published
Exploitability 2.0
Weighted Severity 6.8
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
System Score Found at
epss 0.09474 https://api.first.org/data/v1/epss?cve=CVE-2006-0146
epss 0.09474 https://api.first.org/data/v1/epss?cve=CVE-2006-0146
epss 0.09474 https://api.first.org/data/v1/epss?cve=CVE-2006-0146
epss 0.09474 https://api.first.org/data/v1/epss?cve=CVE-2006-0146
epss 0.09474 https://api.first.org/data/v1/epss?cve=CVE-2006-0146
epss 0.09474 https://api.first.org/data/v1/epss?cve=CVE-2006-0146
epss 0.09474 https://api.first.org/data/v1/epss?cve=CVE-2006-0146
epss 0.09474 https://api.first.org/data/v1/epss?cve=CVE-2006-0146
epss 0.09474 https://api.first.org/data/v1/epss?cve=CVE-2006-0146
epss 0.09474 https://api.first.org/data/v1/epss?cve=CVE-2006-0146
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2006-0146
Reference id Reference type URL
http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html
https://api.first.org/data/v1/epss?cve=CVE-2006-0146
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0146
http://secunia.com/advisories/17418
http://secunia.com/advisories/18233
http://secunia.com/advisories/18254
http://secunia.com/advisories/18260
http://secunia.com/advisories/18267
http://secunia.com/advisories/18276
http://secunia.com/advisories/18720
http://secunia.com/advisories/19555
http://secunia.com/advisories/19563
http://secunia.com/advisories/19590
http://secunia.com/advisories/19591
http://secunia.com/advisories/19600
http://secunia.com/advisories/19691
http://secunia.com/advisories/19699
http://secunia.com/advisories/24954
http://secunia.com/secunia_research/2005-64/advisory/
http://securityreason.com/securityalert/713
https://exchange.xforce.ibmcloud.com/vulnerabilities/24051
http://www.debian.org/security/2006/dsa-1029
http://www.debian.org/security/2006/dsa-1030
http://www.debian.org/security/2006/dsa-1031
http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml
http://www.maxdev.com/Article550.phtml
http://www.osvdb.org/22290
http://www.securityfocus.com/archive/1/423784/100/0/threaded
http://www.securityfocus.com/archive/1/430448/100/0/threaded
http://www.securityfocus.com/archive/1/466171/100/0/threaded
http://www.securityfocus.com/bid/16187
http://www.vupen.com/english/advisories/2006/0101
http://www.vupen.com/english/advisories/2006/0102
http://www.vupen.com/english/advisories/2006/0103
http://www.vupen.com/english/advisories/2006/0104
http://www.vupen.com/english/advisories/2006/0105
http://www.vupen.com/english/advisories/2006/0370
http://www.vupen.com/english/advisories/2006/0447
http://www.vupen.com/english/advisories/2006/1304
http://www.vupen.com/english/advisories/2006/1305
http://www.vupen.com/english/advisories/2006/1419
http://www.xaraya.com/index.php/news/569
349985 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=349985
cpe:2.3:a:john_lim:adodb:4.66:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:john_lim:adodb:4.66:*:*:*:*:*:*:*
cpe:2.3:a:john_lim:adodb:4.68:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:john_lim:adodb:4.68:*:*:*:*:*:*:*
cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mantis:mantis:0.19.4:*:*:*:*:*:*:*
cpe:2.3:a:mantis:mantis:1.0.0_rc4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mantis:mantis:1.0.0_rc4:*:*:*:*:*:*:*
cpe:2.3:a:mediabeez:mediabeez:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mediabeez:mediabeez:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.5.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:moodle:moodle:1.5.3:*:*:*:*:*:*:*
cpe:2.3:a:postnuke_software_foundation:postnuke:0.761:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:postnuke_software_foundation:postnuke:0.761:*:*:*:*:*:*:*
cpe:2.3:a:the_cacti_group:cacti:0.8.6g:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:the_cacti_group:cacti:0.8.6g:*:*:*:*:*:*:*
CVE-2006-0146 https://nvd.nist.gov/vuln/detail/CVE-2006-0146
GLSA-200604-07 https://security.gentoo.org/glsa/200604-07
OSVDB-24878;CVE-2006-2029;OSVDB-24562;CVE-2006-1779;OSVDB-24561;CVE-2006-1778;OSVDB-24560;CVE-2006-1777;CVE-2006-1776;OSVDB-24559;CVE-2006-0147;OSVDB-22291;OSVDB-22290;CVE-2006-0146 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/1663.php
Data source Exploit-DB
Date added April 10, 2006
Description Simplog 0.9.2 - 's' Remote Command Execution
Ransomware campaign use Known
Source publication date April 11, 2006
Exploit type webapps
Platform php
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2006-0146
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.92795
EPSS Score 0.09474
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:00:58.614327+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/200604-07 38.0.0