CVE - CVE-2005-1921

CVE-ID
CVE-2005-1921	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1015336 URL:http://securitytracker.com/id?1015336 MISC:14088 URL:http://www.securityfocus.com/bid/14088 MISC:15810 URL:http://secunia.com/advisories/15810 MISC:15852 URL:http://secunia.com/advisories/15852 MISC:15855 URL:http://secunia.com/advisories/15855 MISC:15861 URL:http://secunia.com/advisories/15861 MISC:15872 URL:http://secunia.com/advisories/15872 MISC:15883 URL:http://secunia.com/advisories/15883 MISC:15884 URL:http://secunia.com/advisories/15884 MISC:15895 URL:http://secunia.com/advisories/15895 MISC:15903 URL:http://secunia.com/advisories/15903 MISC:15904 URL:http://secunia.com/advisories/15904 MISC:15916 URL:http://secunia.com/advisories/15916 MISC:15917 URL:http://secunia.com/advisories/15917 MISC:15922 URL:http://secunia.com/advisories/15922 MISC:15944 URL:http://secunia.com/advisories/15944 MISC:15947 URL:http://secunia.com/advisories/15947 MISC:15957 URL:http://secunia.com/advisories/15957 MISC:16001 URL:http://secunia.com/advisories/16001 MISC:16339 URL:http://secunia.com/advisories/16339 MISC:16693 URL:http://secunia.com/advisories/16693 MISC:17440 URL:http://secunia.com/advisories/17440 MISC:17674 URL:http://secunia.com/advisories/17674 MISC:18003 URL:http://secunia.com/advisories/18003 MISC:20050629 Advisory 02/2005: Remote code execution in Serendipity URL:http://marc.info/?l=bugtraq&m=112008638320145&w=2 MISC:20050629 [DRUPAL-SA-2005-003] Drupal 4.6.2 / 4.5.4 fixes critical XML-RPC issue URL:http://marc.info/?l=bugtraq&m=112015336720867&w=2 MISC:ADV-2005-2827 URL:~~http://www.vupen.com/english/advisories/2005/2827~~ (Obsolete source) MISC:DSA-745 URL:http://www.debian.org/security/2005/dsa-745 MISC:DSA-746 URL:http://www.debian.org/security/2005/dsa-746 MISC:DSA-747 URL:http://www.debian.org/security/2005/dsa-747 MISC:DSA-789 URL:http://www.debian.org/security/2005/dsa-789 MISC:GLSA-200507-01 URL:http://security.gentoo.org/glsa/glsa-200507-01.xml MISC:GLSA-200507-06 URL:http://security.gentoo.org/glsa/glsa-200507-06.xml MISC:GLSA-200507-07 URL:http://security.gentoo.org/glsa/glsa-200507-07.xml MISC:HPSBTU02083 URL:http://www.securityfocus.com/archive/1/419064/100/0/threaded MISC:MDKSA-2005:109 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2005:109~~ (Obsolete source) MISC:RHSA-2005:564 URL:http://www.redhat.com/support/errata/RHSA-2005-564.html MISC:SSRT051069 URL:http://www.securityfocus.com/archive/1/419064/100/0/threaded MISC:SUSE-SA:2005:041 URL:http://www.novell.com/linux/security/advisories/2005_41_php_pear.html MISC:SUSE-SA:2005:049 URL:http://www.novell.com/linux/security/advisories/2005_49_php.html MISC:SUSE-SA:2005:051 URL:http://marc.info/?l=bugtraq&m=112605112027335&w=2 MISC:SUSE-SR:2005:018 URL:http://www.novell.com/linux/security/advisories/2005_18_sr.html MISC:http://pear.php.net/package/XML_RPC/download/1.3.1 URL:http://pear.php.net/package/XML_RPC/download/1.3.1 MISC:http://sourceforge.net/project/showfiles.php?group_id=87163 URL:http://sourceforge.net/project/showfiles.php?group_id=87163 MISC:http://sourceforge.net/project/shownotes.php?release_id=338803 URL:http://sourceforge.net/project/shownotes.php?release_id=338803 MISC:http://www.ampache.org/announce/3_3_1_2.php URL:http://www.ampache.org/announce/3_3_1_2.php MISC:http://www.drupal.org/security/drupal-sa-2005-003/advisory.txt URL:http://www.drupal.org/security/drupal-sa-2005-003/advisory.txt MISC:http://www.gulftech.org/?node=research&article_id=00087-07012005 URL:http://www.gulftech.org/?node=research&article_id=00087-07012005 MISC:http://www.hardened-php.net/advisory-022005.php URL:http://www.hardened-php.net/advisory-022005.php MISC:oval:org.mitre.oval:def:11294 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11294 MISC:oval:org.mitre.oval:def:350 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A350
Assigning CNA
Red Hat, Inc.
Date Record Created
20050608	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20050608)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)