Back to search
CVE-2005-1921
Published: Jul 1, 2005
Modified: Aug 7, 2024
PUBLISHED
Description
Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
oval:org.mitre.oval:def:350
vdb-entry
signature
x_refsource_OVAL
DSA-789
vendor-advisory
x_refsource_DEBIAN
15947
third-party-advisory
x_refsource_SECUNIA
15852
third-party-advisory
x_refsource_SECUNIA
15944
third-party-advisory
x_refsource_SECUNIA
SUSE-SR:2005:018
vendor-advisory
x_refsource_SUSE
15883
third-party-advisory
x_refsource_SECUNIA
15872
third-party-advisory
x_refsource_SECUNIA
15895
third-party-advisory
x_refsource_SECUNIA
oval:org.mitre.oval:def:11294
vdb-entry
signature
x_refsource_OVAL
1015336
vdb-entry
x_refsource_SECTRACK
DSA-746
vendor-advisory
x_refsource_DEBIAN
17674
third-party-advisory
x_refsource_SECUNIA
http://www.gulftech.org/?node=research&article_id=00087-07012005
x_refsource_MISC
ADV-2005-2827
vdb-entry
x_refsource_VUPEN
15917
third-party-advisory
x_refsource_SECUNIA
DSA-747
vendor-advisory
x_refsource_DEBIAN
SUSE-SA:2005:041
vendor-advisory
x_refsource_SUSE
http://www.hardened-php.net/advisory-022005.php
x_refsource_MISC
SSRT051069
vendor-advisory
x_refsource_HP
SUSE-SA:2005:051
vendor-advisory
x_refsource_SUSE
15957
third-party-advisory
x_refsource_SECUNIA
http://www.ampache.org/announce/3_3_1_2.php
x_refsource_CONFIRM
15810
third-party-advisory
x_refsource_SECUNIA
GLSA-200507-01
vendor-advisory
x_refsource_GENTOO
http://www.drupal.org/security/drupal-sa-2005-003/advisory.txt
x_refsource_CONFIRM
14088
vdb-entry
x_refsource_BID
16693
third-party-advisory
x_refsource_SECUNIA
20050629 Advisory 02/2005: Remote code execution in Serendipity
mailing-list
x_refsource_BUGTRAQ
20050629 [DRUPAL-SA-2005-003] Drupal 4.6.2 / 4.5.4 fixes critical XML-RPC issue
mailing-list
x_refsource_BUGTRAQ
GLSA-200507-07
vendor-advisory
x_refsource_GENTOO
15904
third-party-advisory
x_refsource_SECUNIA
15903
third-party-advisory
x_refsource_SECUNIA
SUSE-SA:2005:049
vendor-advisory
x_refsource_SUSE
http://sourceforge.net/project/shownotes.php?release_id=338803
x_refsource_CONFIRM
17440
third-party-advisory
x_refsource_SECUNIA
15922
third-party-advisory
x_refsource_SECUNIA
15884
third-party-advisory
x_refsource_SECUNIA
15916
third-party-advisory
x_refsource_SECUNIA
RHSA-2005:564
vendor-advisory
x_refsource_REDHAT
http://pear.php.net/package/XML_RPC/download/1.3.1
x_refsource_MISC
16001
third-party-advisory
x_refsource_SECUNIA
http://sourceforge.net/project/showfiles.php?group_id=87163
x_refsource_CONFIRM
MDKSA-2005:109
vendor-advisory
x_refsource_MANDRAKE
GLSA-200507-06
vendor-advisory
x_refsource_GENTOO
DSA-745
vendor-advisory
x_refsource_DEBIAN
HPSBTU02083
vendor-advisory
x_refsource_HP
15855
third-party-advisory
x_refsource_SECUNIA
16339
third-party-advisory
x_refsource_SECUNIA
18003
third-party-advisory
x_refsource_SECUNIA
15861
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now