CVE-2005-1921 Information

Description

Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file that is not properly sanitized before being used in an eval statement.

Reference

http://marc.info/?l=bugtraq&m=112008638320145&w=2
http://marc.info/?l=bugtraq&m=112015336720867&w=2
http://marc.info/?l=bugtraq&m=112605112027335&w=2
http://pear.php.net/package/XML_RPC/download/1.3.1
http://secunia.com/advisories/15810
http://secunia.com/advisories/15852
http://secunia.com/advisories/15855
http://secunia.com/advisories/15861
http://secunia.com/advisories/15872
http://secunia.com/advisories/15883
http://secunia.com/advisories/15884
http://secunia.com/advisories/15895
http://secunia.com/advisories/15903
http://secunia.com/advisories/15904
http://secunia.com/advisories/15916
http://secunia.com/advisories/15917
http://secunia.com/advisories/15922
http://secunia.com/advisories/15944
http://secunia.com/advisories/15947
http://secunia.com/advisories/15957
http://secunia.com/advisories/16001
http://secunia.com/advisories/16339
http://secunia.com/advisories/16693
http://secunia.com/advisories/17440
http://secunia.com/advisories/17674
http://secunia.com/advisories/18003
http://security.gentoo.org/glsa/glsa-200507-01.xml
http://security.gentoo.org/glsa/glsa-200507-06.xml
http://security.gentoo.org/glsa/glsa-200507-07.xml
http://securitytracker.com/id?1015336
http://sourceforge.net/project/showfiles.php?group_id=87163
http://sourceforge.net/project/shownotes.php?release_id=338803
http://www.ampache.org/announce/3_3_1_2.php
http://www.debian.org/security/2005/dsa-745
http://www.debian.org/security/2005/dsa-746
http://www.debian.org/security/2005/dsa-747
http://www.debian.org/security/2005/dsa-789
http://www.drupal.org/security/drupal-sa-2005-003/advisory.txt
http://www.gulftech.org/?node=research&article_id=00087-07012005
http://www.hardened-php.net/advisory-022005.php
http://www.mandriva.com/security/advisories?name=MDKSA-2005:109
http://www.novell.com/linux/security/advisories/2005_18_sr.html
http://www.novell.com/linux/security/advisories/2005_41_php_pear.html
http://www.novell.com/linux/security/advisories/2005_49_php.html
http://www.redhat.com/support/errata/RHSA-2005-564.html
http://www.securityfocus.com/archive/1/419064/100/0/threaded
http://www.securityfocus.com/bid/14088
http://www.vupen.com/english/advisories/2005/2827
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11294
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A350
