CVE-2005-2498 Information

Description

Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921.

Reference

http://marc.info/?l=bugtraq&m=112412415822890&w=2
http://marc.info/?l=bugtraq&m=112431497300344&w=2
http://marc.info/?l=bugtraq&m=112605112027335&w=2
http://secunia.com/advisories/16431
http://secunia.com/advisories/16432
http://secunia.com/advisories/16441
http://secunia.com/advisories/16460
http://secunia.com/advisories/16465
http://secunia.com/advisories/16468
http://secunia.com/advisories/16469
http://secunia.com/advisories/16491
http://secunia.com/advisories/16550
http://secunia.com/advisories/16558
http://secunia.com/advisories/16563
http://secunia.com/advisories/16619
http://secunia.com/advisories/16635
http://secunia.com/advisories/16693
http://secunia.com/advisories/16976
http://secunia.com/advisories/17053
http://secunia.com/advisories/17066
http://secunia.com/advisories/17440
http://www.debian.org/security/2005/dsa-789
http://www.debian.org/security/2005/dsa-798
http://www.debian.org/security/2005/dsa-840
http://www.debian.org/security/2005/dsa-842
http://www.fedoralegacy.org/updates/FC2/2005-11-28-FLSA_2005_166943__Updated_php_packages_fix_security_issues.html
http://www.gentoo.org/security/en/glsa/glsa-200509-19.xml
http://www.hardened-php.net/advisory_152005.67.html
http://www.novell.com/linux/security/advisories/2005_49_php.html
http://www.redhat.com/support/errata/RHSA-2005-748.html
http://www.securityfocus.com/archive/1/408125
http://www.securityfocus.com/bid/14560
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A9569
