Published at LXer:
Two vulnerabilities were identified in ADOdb, which could be exploited by remote attackers to execute arbitrary commands. The first issue is due to an input validation error in the "server.php" test script that does not properly validate the "sql" variable, which could be exploited by attackers to execute arbitrary SQL queries (when the MySQL password for the root user is empty). The second flaw is due to an input validation error in the "tests/tmssql.php" test script that does not properly validate the "do" parameter, which could be exploited by remote attackers to call arbitrary PHP functions.
Read More...