CVE-2006-4976 (CNNVD-200609-424)

MEDIUM
中文标题:
John Lim ADOdb Library for PHP 敏感信息泄露漏洞
英文标题:
The Date Library in John Lim ADOdb Library for PHP allows remote attackers to obtain sensitive infor...
CVSS分数: 5.0
发布时间: 2006-09-25 01:00:00
漏洞类型: 授权问题
状态: PUBLISHED
数据质量分数: 0.30
数据版本: v3
漏洞描述
中文描述:

John Lim ADOdb Library for PHP中的日期程序库,可让远程攻击者通过直接请求以下文件,在各种错误消息中揭示路径,从而获取敏感信息:(1) server.php、(2)adodb-errorpear.inc.php、(3)adodb-iterator.inc.php、(4)adodb-pear.inc.php、(5)adodb-perf.inc.php、(6)adodb-xmlschema.inc.php和(7)adodb.inc.php;datadict中的文件,包括(8)datadict-access.inc.php、(9)datadict-db2.inc.php、(10)datadict-generic.inc.php、(11)datadict-ibase.inc.php、(12)datadict-informix.inc.php、(13)datadict-mssql.inc.php、(14) datadict-mysql.inc.php、(15)datadict-oci8.inc.php、(16)datadict-postgres.inc.php和(17) datadict-sybase.inc.php;drivers/中的文件,包括(18) adodb-access.inc.php、(19)adodb-ado.inc.php、(20)adodb-ado_access.inc.php、(21)adodb-ado_mssql.inc.php、(22)adodb-borland_ibase.inc.php、(23) adodb-csv.inc.php、(24)adodb-db2.inc.php、(25) adodb-fbsql.inc.php、(26) adodb-firebird.inc.php、(27)adodb-ibase.inc.php、(28) adodb-informix.inc.php、(29)adodb-informix72.inc.php、(30)adodb-mssql.inc.php、(31) adodb-mssqlpo.inc.php、(32)adodb-mysql.inc.php、(33) adodb-mysqli.inc.php、(34)adodb-mysqlt.inc.php、(35) adodb-oci8.inc.php、(36) adodb-oci805.inc.php、(37)adodb-oci8po.inc.php、(38) adodb-odbc.inc.php、(39)adodb-odbc_mssql.inc.php、(40) adodb-odbc_oracle.inc.php、(41) adodb-oracle.inc.php、(42)adodb-postgres64.inc.php、(43) adodb-postgres7.inc.php、(44) adodb-proxy.inc.php、(45) adodb-sapdb.inc.php、(46)adodb-sqlanywhere.inc.php、(47)adodb-sqlite.inc.php、(48) adodb-sybase.inc.php、(49) adodb-vfp.inc.php;perf/中的文件,包括(50)perf-db2.inc.php、(51) perf-informix.inc.php、(52)perf-mssql.inc.php、(53) perf-mysql.inc.php、(54) perf-oci8.inc.php、(55)perf-postgres.inc.php;tests/中的文件,包括(56)benchmark.php、(57)client.php、(58) test-datadict.php、(59) test-perf.php、(60)test-pgblob.php、(61)test-php5.php、(62) test-xmlschema.php、(63)test.php、(64) test2.php、(65)test3.php、(66)test4.php、(67)test5.php、(68) test_rs_array.php、(69) testcache.php、(70)testdatabases.inc.php、(71)testgenid.php、(72)testmssql.php、(73)testoci8.php、(74)testoci8cursor.php、(75) testpaging.php、(76)testpear.php、(77)testsessions.php、(78)time.php或(79)tmssql.php。

英文描述:

The Date Library in John Lim ADOdb Library for PHP allows remote attackers to obtain sensitive information via a direct request for (1) server.php, (2) adodb-errorpear.inc.php, (3) adodb-iterator.inc.php, (4) adodb-pear.inc.php, (5) adodb-perf.inc.php, (6) adodb-xmlschema.inc.php, and (7) adodb.inc.php; files in datadict including (8) datadict-access.inc.php, (9) datadict-db2.inc.php, (10) datadict-generic.inc.php, (11) datadict-ibase.inc.php, (12) datadict-informix.inc.php, (13) datadict-mssql.inc.php, (14) datadict-mysql.inc.php, (15) datadict-oci8.inc.php, (16) datadict-postgres.inc.php, and (17) datadict-sybase.inc.php; files in drivers/ including (18) adodb-access.inc.php, (19) adodb-ado.inc.php, (20) adodb-ado_access.inc.php, (21) adodb-ado_mssql.inc.php, (22) adodb-borland_ibase.inc.php, (23) adodb-csv.inc.php, (24) adodb-db2.inc.php, (25) adodb-fbsql.inc.php, (26) adodb-firebird.inc.php, (27) adodb-ibase.inc.php, (28) adodb-informix.inc.php, (29) adodb-informix72.inc.php, (30) adodb-mssql.inc.php, (31) adodb-mssqlpo.inc.php, (32) adodb-mysql.inc.php, (33) adodb-mysqli.inc.php, (34) adodb-mysqlt.inc.php, (35) adodb-oci8.inc.php, (36) adodb-oci805.inc.php, (37) adodb-oci8po.inc.php, (38) adodb-odbc.inc.php, (39) adodb-odbc_mssql.inc.php, (40) adodb-odbc_oracle.inc.php, (41) adodb-oracle.inc.php, (42) adodb-postgres64.inc.php, (43) adodb-postgres7.inc.php, (44) adodb-proxy.inc.php, (45) adodb-sapdb.inc.php, (46) adodb-sqlanywhere.inc.php, (47) adodb-sqlite.inc.php, (48) adodb-sybase.inc.php, (49) adodb-vfp.inc.php; file in perf/ including (50) perf-db2.inc.php, (51) perf-informix.inc.php, (52) perf-mssql.inc.php, (53) perf-mysql.inc.php, (54) perf-oci8.inc.php, (55) perf-postgres.inc.php; tests/ files (56) benchmark.php, (57) client.php, (58) test-datadict.php, (59) test-perf.php, (60) test-pgblob.php, (61) test-php5.php, (62) test-xmlschema.php, (63) test.php, (64) test2.php, (65) test3.php, (66) test4.php, (67) test5.php, (68) test_rs_array.php, (69) testcache.php, (70) testdatabases.inc.php, (71) testgenid.php, (72) testmssql.php, (73) testoci8.php, (74) testoci8cursor.php, (75) testpaging.php, (76) testpear.php, (77) testsessions.php, (78) time.php, or (79) tmssql.php, which reveals the path in various error messages.

CWE类型:
(暂无数据)
标签:
(暂无数据)
受影响产品
厂商 产品 版本 版本范围 平台 CPE
john_lim adodb_date_library * - - cpe:2.3:a:john_lim:adodb_date_library:*:*:*:*:*:*:*:*
解决方案
中文解决方案:
(暂无数据)
英文解决方案:
(暂无数据)
临时解决方案:
(暂无数据)
参考链接
1629 third-party-advisory
cve.org
访问
20060914 ADOdb Date Library Full path Bugs mailing-list
cve.org
访问
CVSS评分详情
5.0
MEDIUM
CVSS向量: AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS版本: 2.0
机密性
PARTIAL
完整性
NONE
可用性
NONE
时间信息
发布时间:
2006-09-25 01:00:00
修改时间:
2024-08-07 19:32:22
创建时间:
2025-11-11 15:32:37
更新时间:
2025-11-11 15:49:10
利用信息
暂无可利用代码信息
数据源详情
数据源 记录ID 版本 提取时间
CVE cve_CVE-2006-4976 2025-11-11 15:17:45 2025-11-11 07:32:37
NVD nvd_CVE-2006-4976 2025-11-11 14:51:51 2025-11-11 07:41:22
CNNVD cnnvd_CNNVD-200609-424 2025-11-11 15:08:53 2025-11-11 07:49:10
版本与语言
当前版本: v3
主要语言: EN
支持语言:
EN ZH
安全公告
暂无安全公告信息
变更历史
v3 CNNVD
2025-11-11 15:49:10
vulnerability_type: 未提取 → 授权问题; cnnvd_id: 未提取 → CNNVD-200609-424; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']
查看详细变更
  • vulnerability_type: 未提取 -> 授权问题
  • cnnvd_id: 未提取 -> CNNVD-200609-424
  • data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2 NVD
2025-11-11 15:41:22
cvss_score: 未提取 → 5.0; cvss_vector: NOT_EXTRACTED → AV:N/AC:L/Au:N/C:P/I:N/A:N; cvss_version: NOT_EXTRACTED → 2.0; affected_products_count: 0 → 1; data_sources: ['cve'] → ['cve', 'nvd']
查看详细变更
  • cvss_score: 未提取 -> 5.0
  • cvss_vector: NOT_EXTRACTED -> AV:N/AC:L/Au:N/C:P/I:N/A:N
  • cvss_version: NOT_EXTRACTED -> 2.0
  • affected_products_count: 0 -> 1
  • data_sources: ['cve'] -> ['cve', 'nvd']