Intrusion Prevention

ADODB.Tmssql.PHP.XSS

Description

It indicates a possible exploit of a cross-site scripting vulnerability in ADOdb.
An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user, in the context of the affected site. This may help the attacker to steal cookie-based authentication credentials and launch other attacks.

Affected Products

ADOdb ADOdb 4.70
ADOdb ADOdb 4.68
ADOdb ADOdb 4.66

Impact

The execution of arbitrary code on the system.

Recommended Actions

Upgrade to the latest version of ADOdb (4.70-for-php or later), available from SourceForge.net.
http://sourceforge.net/project/showfiles.php?group_id=42718

CVE References

CVE-2006-0147