Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.
CVSS v2.0 Score
7.5 / 10.0 (HIGH)
AV:N/AC:L/Au:N/C:P/I:P/A:P
Information
- Published: 5 Jul. 2005
- Updated: 16 Apr. 2026
- Status: Modified
- Source: secalert@redhat.com
Affected products
php xml rpc
Versions: 1.3.0
gggeek phpxmlrpc
Versions: 1.1
drupal drupal
Versions: 4.5.4, 4.6.2
tiki tikiwiki cms/groupware
Versions: 1.8.5
debian debian linux
Versions: 3.1
Weaknesses (CWE)
CWE-94
References (100)
- http://marc.info/?l=bugtraq&m=112008638320145&w=2 (Third Party Advisory)
- http://marc.info/?l=bugtraq&m=112015336720867&w=2 (Third Party Advisory)
- http://marc.info/?l=bugtraq&m=112605112027335&w=2 (Third Party Advisory)
- http://secunia.com/advisories/15810 (Broken Link)
- http://secunia.com/advisories/15852 (Broken Link)
- http://secunia.com/advisories/15855 (Broken Link)
- http://secunia.com/advisories/15861 (Broken Link)
- http://secunia.com/advisories/15872 (Broken Link)
- http://secunia.com/advisories/15883 (Broken Link)
- http://secunia.com/advisories/15884 (Broken Link)
- http://secunia.com/advisories/15895 (Broken Link)
- http://secunia.com/advisories/15903 (Broken Link)
- http://secunia.com/advisories/15904 (Broken Link)
- http://secunia.com/advisories/15916 (Broken Link)
- + 85 more references on NVD