CVE-2005-1921

HIGH

Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.

Score CVSS v2.0

7.5

/ 10.0

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Informations

Publié: 5 juil. 2005
Mis à jour: 16 avr. 2026
Statut: Modified
Source: secalert@redhat.com

Produits affectés

php xml rpc

Versions : 1.3.0

gggeek phpxmlrpc

Versions : 1.1

drupal drupal

Versions : 4.5.4, 4.6.2

tiki tikiwiki cms\/groupware

Versions : 1.8.5

debian debian linux

Versions : 3.1

Faiblesses (CWE)

CWE-94

Références (100)

http://marc.info/?l=bugtraq&m=112008638320145&w=2
Third Party Advisory
http://marc.info/?l=bugtraq&m=112015336720867&w=2
Third Party Advisory
http://marc.info/?l=bugtraq&m=112605112027335&w=2
Third Party Advisory
http://pear.php.net/package/XML_RPC/download/1.3.1
PatchProduct
http://secunia.com/advisories/15810
Broken Link
http://secunia.com/advisories/15852
Broken Link
http://secunia.com/advisories/15855
Broken Link
http://secunia.com/advisories/15861
Broken Link
http://secunia.com/advisories/15872
Broken Link
http://secunia.com/advisories/15883
Broken Link
http://secunia.com/advisories/15884
Broken Link
http://secunia.com/advisories/15895
Broken Link
http://secunia.com/advisories/15903
Broken Link
http://secunia.com/advisories/15904
Broken Link
http://secunia.com/advisories/15916
Broken Link
+ 85 autres références sur NVD

CVEs similaires

Autres vulnérabilités de type CWE-94

Loading…

Surveillez vos produits

Recevez une alerte automatique à chaque nouvelle CVE affectant vos équipements.

Activer la surveillance