CVE-2006-4976 (retired)

Priority
Description
The Date Library in John Lim ADOdb Library for PHP allows remote attackers
to obtain sensitive information via a direct request for (1) server.php,
(2) adodb-errorpear.inc.php, (3) adodb-iterator.inc.php, (4)
adodb-pear.inc.php, (5) adodb-perf.inc.php, (6) adodb-xmlschema.inc.php,
and (7) adodb.inc.php; files in datadict including (8)
datadict-access.inc.php, (9) datadict-db2.inc.php, (10)
datadict-generic.inc.php, (11) datadict-ibase.inc.php, (12)
datadict-informix.inc.php, (13) datadict-mssql.inc.php, (14)
datadict-mysql.inc.php, (15) datadict-oci8.inc.php, (16)
datadict-postgres.inc.php, and (17) datadict-sybase.inc.php; files in
drivers/ including (18) adodb-access.inc.php, (19) adodb-ado.inc.php, (20)
adodb-ado_access.inc.php, (21) adodb-ado_mssql.inc.php, (22)
adodb-borland_ibase.inc.php, (23) adodb-csv.inc.php, (24)
adodb-db2.inc.php, (25) adodb-fbsql.inc.php, (26) adodb-firebird.inc.php,
(27) adodb-ibase.inc.php, (28) adodb-informix.inc.php, (29)
adodb-informix72.inc.php, (30) adodb-mssql.inc.php, (31)
adodb-mssqlpo.inc.php, (32) adodb-mysql.inc.php, (33) adodb-mysqli.inc.php,
(34) adodb-mysqlt.inc.php, (35) adodb-oci8.inc.php, (36)
adodb-oci805.inc.php, (37) adodb-oci8po.inc.php, (38) adodb-odbc.inc.php,
(39) adodb-odbc_mssql.inc.php, (40) adodb-odbc_oracle.inc.php, (41)
adodb-oracle.inc.php, (42) adodb-postgres64.inc.php, (43)
adodb-postgres7.inc.php, (44) adodb-proxy.inc.php, (45)
adodb-sapdb.inc.php, (46) adodb-sqlanywhere.inc.php, (47)
adodb-sqlite.inc.php, (48) adodb-sybase.inc.php, (49) adodb-vfp.inc.php;
file in perf/ including (50) perf-db2.inc.php, (51) perf-informix.inc.php,
(52) perf-mssql.inc.php, (53) perf-mysql.inc.php, (54) perf-oci8.inc.php,
(55) perf-postgres.inc.php; tests/ files (56) benchmark.php, (57)
client.php, (58) test-datadict.php, (59) test-perf.php, (60)
test-pgblob.php, (61) test-php5.php, (62) test-xmlschema.php, (63)
test.php, (64) test2.php, (65) test3.php, (66) test4.php, (67) test5.php,
(68) test_rs_array.php, (69) testcache.php, (70) testdatabases.inc.php,
(71) testgenid.php, (72) testmssql.php, (73) testoci8.php, (74)
testoci8cursor.php, (75) testpaging.php, (76) testpear.php, (77)
testsessions.php, (78) time.php, or (79) tmssql.php, which reveals the path
in various error messages.
Notes
mdeslaurwhen using packages, full path is known anyway...not a security
issue.
Package
Upstream:needs-triage
More Information

Updated: 2019-10-09 07:04:30 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)