Back to search
CVE-2005-2498
Published: Aug 15, 2005
Modified: Aug 7, 2024
PUBLISHED
Description
Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
DSA-789
vendor-advisory
x_refsource_DEBIAN
17066
third-party-advisory
x_refsource_SECUNIA
16441
third-party-advisory
x_refsource_SECUNIA
20050817 [PHPADSNEW-SA-2005-001] phpAdsNew and phpPgAds 2.0.6 fix multiple vulnerabilities
mailing-list
x_refsource_BUGTRAQ
16491
third-party-advisory
x_refsource_SECUNIA
16619
third-party-advisory
x_refsource_SECUNIA
20050815 [DRUPAL-SA-2005-004] Drupal 4.6.3 / 4.5.5 fixes critical XML-RPC issue
mailing-list
x_refsource_BUGTRAQ
SUSE-SA:2005:051
vendor-advisory
x_refsource_SUSE
16460
third-party-advisory
x_refsource_SECUNIA
RHSA-2005:748
vendor-advisory
x_refsource_REDHAT
14560
vdb-entry
x_refsource_BID
16558
third-party-advisory
x_refsource_SECUNIA
DSA-840
vendor-advisory
x_refsource_DEBIAN
16431
third-party-advisory
x_refsource_SECUNIA
16693
third-party-advisory
x_refsource_SECUNIA
FLSA:166943
vendor-advisory
x_refsource_FEDORA
SUSE-SA:2005:049
vendor-advisory
x_refsource_SUSE
17440
third-party-advisory
x_refsource_SECUNIA
20050815 Advisory 15/2005: PHPXMLRPC Remote PHP Code Injection Vulnerability
mailing-list
x_refsource_BUGTRAQ
16976
third-party-advisory
x_refsource_SECUNIA
GLSA-200509-19
vendor-advisory
x_refsource_GENTOO
16469
third-party-advisory
x_refsource_SECUNIA
16563
third-party-advisory
x_refsource_SECUNIA
17053
third-party-advisory
x_refsource_SECUNIA
DSA-798
vendor-advisory
x_refsource_DEBIAN
16468
third-party-advisory
x_refsource_SECUNIA
DSA-842
vendor-advisory
x_refsource_DEBIAN
16465
third-party-advisory
x_refsource_SECUNIA
16635
third-party-advisory
x_refsource_SECUNIA
http://www.hardened-php.net/advisory_152005.67.html
x_refsource_MISC
16432
third-party-advisory
x_refsource_SECUNIA
oval:org.mitre.oval:def:9569
vdb-entry
signature
x_refsource_OVAL
16550
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now