Detections
Analytics

CVE-2005-1921

critical

Description

Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.

References

http://www.mandriva.com/security/advisories?name=MDKSA-2005:109

http://www.hardened-php.net/advisory-022005.php

http://www.gulftech.org/?node=research&article_id=00087-07012005

http://www.drupal.org/security/drupal-sa-2005-003/advisory.txt

http://www.debian.org/security/2005/dsa-789

http://www.debian.org/security/2005/dsa-747

http://www.debian.org/security/2005/dsa-746

http://www.debian.org/security/2005/dsa-745

http://sourceforge.net/project/showfiles.php?group_id=87163

http://security.gentoo.org/glsa/glsa-200507-07.xml

http://security.gentoo.org/glsa/glsa-200507-06.xml

http://security.gentoo.org/glsa/glsa-200507-01.xml

http://pear.php.net/package/XML_RPC/download/1.3.1

http://marc.info/?l=bugtraq&m=112605112027335&w=2

http://marc.info/?l=bugtraq&m=112015336720867&w=2

http://marc.info/?l=bugtraq&m=112008638320145&w=2

Details

Source: Mitre, NVD

Published: 2005-07-05

Updated: 2024-02-14

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical