CVE - CVE-2005-1921

CVE-ID
CVE-2005-1921	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20050629 Advisory 02/2005: Remote code execution in Serendipity URL:http://marc.info/?l=bugtraq&m=112008638320145&w=2 MISC:http://pear.php.net/package/XML_RPC/download/1.3.1 MISC:http://www.gulftech.org/?node=research&article_id=00087-07012005 MISC:http://www.hardened-php.net/advisory-022005.php CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=338803 DEBIAN:DSA-745 URL:http://www.debian.org/security/2005/dsa-745 DEBIAN:DSA-747 URL:http://www.debian.org/security/2005/dsa-747 DEBIAN:DSA-789 URL:http://www.debian.org/security/2005/dsa-789 DEBIAN:DSA-746 URL:http://www.debian.org/security/2005/dsa-746 GENTOO:GLSA-200507-01 URL:http://security.gentoo.org/glsa/glsa-200507-01.xml GENTOO:GLSA-200507-06 URL:http://security.gentoo.org/glsa/glsa-200507-06.xml GENTOO:GLSA-200507-07 URL:http://security.gentoo.org/glsa/glsa-200507-07.xml HP:HPSBTU02083 URL:http://www.securityfocus.com/archive/1/419064/100/0/threaded HP:SSRT051069 URL:http://www.securityfocus.com/archive/1/419064/100/0/threaded MANDRAKE:MDKSA-2005:109 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:109 REDHAT:RHSA-2005:564 URL:http://www.redhat.com/support/errata/RHSA-2005-564.html SUSE:SUSE-SA:2005:051 URL:http://marc.info/?l=bugtraq&m=112605112027335&w=2 BUGTRAQ:20050629 [DRUPAL-SA-2005-003] Drupal 4.6.2 / 4.5.4 fixes critical XML-RPC issue URL:http://marc.info/?l=bugtraq&m=112015336720867&w=2 CONFIRM:http://www.drupal.org/security/drupal-sa-2005-003/advisory.txt CONFIRM:http://sourceforge.net/project/showfiles.php?group_id=87163 CONFIRM:http://www.ampache.org/announce/3_3_1_2.php SUSE:SUSE-SA:2005:041 URL:http://www.novell.com/linux/security/advisories/2005_41_php_pear.html SUSE:SUSE-SA:2005:049 URL:http://www.novell.com/linux/security/advisories/2005_49_php.html SUSE:SUSE-SR:2005:018 URL:http://www.novell.com/linux/security/advisories/2005_18_sr.html BID:14088 URL:http://www.securityfocus.com/bid/14088 OVAL:oval:org.mitre.oval:def:11294 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11294 VUPEN:ADV-2005-2827 URL:http://www.vupen.com/english/advisories/2005/2827 OVAL:oval:org.mitre.oval:def:350 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A350 SECTRACK:1015336 URL:http://securitytracker.com/id?1015336 SECUNIA:15852 URL:http://secunia.com/advisories/15852 SECUNIA:15872 URL:http://secunia.com/advisories/15872 SECUNIA:15944 URL:http://secunia.com/advisories/15944 SECUNIA:15947 URL:http://secunia.com/advisories/15947 SECUNIA:15957 URL:http://secunia.com/advisories/15957 SECUNIA:16001 URL:http://secunia.com/advisories/16001 SECUNIA:18003 URL:http://secunia.com/advisories/18003 SECUNIA:15810 URL:http://secunia.com/advisories/15810 SECUNIA:15855 URL:http://secunia.com/advisories/15855 SECUNIA:15861 URL:http://secunia.com/advisories/15861 SECUNIA:15883 URL:http://secunia.com/advisories/15883 SECUNIA:15884 URL:http://secunia.com/advisories/15884 SECUNIA:15895 URL:http://secunia.com/advisories/15895 SECUNIA:15903 URL:http://secunia.com/advisories/15903 SECUNIA:15904 URL:http://secunia.com/advisories/15904 SECUNIA:15916 URL:http://secunia.com/advisories/15916 SECUNIA:15917 URL:http://secunia.com/advisories/15917 SECUNIA:15922 URL:http://secunia.com/advisories/15922 SECUNIA:16339 URL:http://secunia.com/advisories/16339 SECUNIA:16693 URL:http://secunia.com/advisories/16693 SECUNIA:17440 URL:http://secunia.com/advisories/17440 SECUNIA:17674 URL:http://secunia.com/advisories/17674
Assigning CNA
N/A
Date Entry Created
20050608	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20050608)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org