7.5

CVE-2005-1921

EPSS 86.15%
Veröffentlicht 05.07.2005 04:00:00
Zuletzt bearbeitet 16.04.2026 00:27:16
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 53

NVD 5 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Php ≫ Xml Rpc SwPlatformpear Version <= 1.3.0

Gggeek ≫ Phpxmlrpc Version <= 1.1

Drupal ≫ Drupal Version < 4.5.4

Drupal ≫ Drupal Version >= 4.6.0 < 4.6.2

Debian ≫ Debian Linux Version3.1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	86.15%	0.994

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://www.novell.com/linux/security/advisories/2005_18_sr.html

Broken Link

http://www.debian.org/security/2005/dsa-789

Third Party Advisory

Mailing List

http://www.redhat.com/support/errata/RHSA-2005-564.html

Broken Link

http://marc.info/?l=bugtraq&m=112008638320145&w=2

Third Party Advisory

http://marc.info/?l=bugtraq&m=112015336720867&w=2

Third Party Advisory

http://marc.info/?l=bugtraq&m=112605112027335&w=2

Third Party Advisory

http://pear.php.net/package/XML_RPC/download/1.3.1

Patch

Product

http://secunia.com/advisories/15810

Broken Link

http://secunia.com/advisories/15852

Broken Link

http://secunia.com/advisories/15855

Broken Link

http://secunia.com/advisories/15861

Broken Link

http://secunia.com/advisories/15872

Broken Link

http://secunia.com/advisories/15883

Broken Link

http://secunia.com/advisories/15884

Broken Link

http://secunia.com/advisories/15895

Broken Link

http://secunia.com/advisories/15903

Broken Link

http://secunia.com/advisories/15904

Broken Link

http://secunia.com/advisories/15916

Broken Link

http://secunia.com/advisories/15917

Broken Link

http://secunia.com/advisories/15922

Broken Link

http://secunia.com/advisories/15944

Broken Link

http://secunia.com/advisories/15947

Broken Link

http://secunia.com/advisories/15957

Broken Link

http://secunia.com/advisories/16001

Broken Link

http://secunia.com/advisories/16339

Broken Link

http://secunia.com/advisories/16693

Broken Link

http://secunia.com/advisories/17440

Broken Link

http://secunia.com/advisories/17674

Broken Link

http://secunia.com/advisories/18003

Broken Link

http://security.gentoo.org/glsa/glsa-200507-01.xml

Third Party Advisory

http://security.gentoo.org/glsa/glsa-200507-06.xml

Third Party Advisory

http://security.gentoo.org/glsa/glsa-200507-07.xml

Third Party Advisory

http://securitytracker.com/id?1015336

Third Party Advisory

Broken Link

VDB Entry

http://sourceforge.net/project/showfiles.php?group_id=87163

Product

http://sourceforge.net/project/shownotes.php?release_id=338803

Broken Link

http://www.ampache.org/announce/3_3_1_2.php

Broken Link

http://www.debian.org/security/2005/dsa-745

Third Party Advisory

Mailing List

http://www.debian.org/security/2005/dsa-746

Third Party Advisory

Mailing List

http://www.debian.org/security/2005/dsa-747

Third Party Advisory

Mailing List

http://www.drupal.org/security/drupal-sa-2005-003/advisory.txt

Third Party Advisory

http://www.gulftech.org/?node=research&article_id=00087-07012005

Vendor Advisory

Not Applicable

http://www.hardened-php.net/advisory-022005.php

Not Applicable

http://www.mandriva.com/security/advisories?name=MDKSA-2005:109

Patch

Third Party Advisory

Vendor Advisory

http://www.novell.com/linux/security/advisories/2005_41_php_pear.html

Broken Link

http://www.novell.com/linux/security/advisories/2005_49_php.html

Broken Link

http://www.securityfocus.com/archive/1/419064/100/0/threaded

Third Party Advisory

Broken Link

VDB Entry

http://www.securityfocus.com/bid/14088

Third Party Advisory

Broken Link

VDB Entry

http://www.vupen.com/english/advisories/2005/2827

Broken Link

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11294

Broken Link

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A350

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2005-1921

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2005-1921

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2005-1921

EUVD