7.5

CVE-2005-1921

EPSS 86.9%
Published 05.07.2005 04:00:00
Last modified 03.04.2025 01:03:51
Source secalert@redhat.com
Teams watchlist Login
Open Login

Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.

Affected products Warnungen 0 Metrics 2 CWE 1 References 53

Data is provided by the National Vulnerability Database (NVD)

Php ≫ Xml Rpc SwPlatformpear Version <= 1.3.0

Gggeek ≫ Phpxmlrpc Version <= 1.1

Drupal ≫ Drupal Version < 4.5.4

Drupal ≫ Drupal Version >= 4.6.0 < 4.6.2

Debian ≫ Debian Linux Version3.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	86.9%	0.993

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://www.novell.com/linux/security/advisories/2005_18_sr.html

Broken Link

http://www.debian.org/security/2005/dsa-789

Third Party Advisory

Mailing List

http://www.redhat.com/support/errata/RHSA-2005-564.html

Broken Link

http://marc.info/?l=bugtraq&m=112008638320145&w=2

Third Party Advisory

http://marc.info/?l=bugtraq&m=112015336720867&w=2

Third Party Advisory

http://marc.info/?l=bugtraq&m=112605112027335&w=2

Third Party Advisory

http://pear.php.net/package/XML_RPC/download/1.3.1

Patch

Product

http://secunia.com/advisories/15810

Broken Link

http://secunia.com/advisories/15852

Broken Link

http://secunia.com/advisories/15855

Broken Link

http://secunia.com/advisories/15861

Broken Link

http://secunia.com/advisories/15872

Broken Link

http://secunia.com/advisories/15883

Broken Link

http://secunia.com/advisories/15884

Broken Link

http://secunia.com/advisories/15895

Broken Link

http://secunia.com/advisories/15903

Broken Link

http://secunia.com/advisories/15904

Broken Link

http://secunia.com/advisories/15916

Broken Link

http://secunia.com/advisories/15917

Broken Link

http://secunia.com/advisories/15922

Broken Link

http://secunia.com/advisories/15944

Broken Link

http://secunia.com/advisories/15947

Broken Link

http://secunia.com/advisories/15957

Broken Link

http://secunia.com/advisories/16001

Broken Link

http://secunia.com/advisories/16339

Broken Link

http://secunia.com/advisories/16693

Broken Link

http://secunia.com/advisories/17440

Broken Link

http://secunia.com/advisories/17674

Broken Link

http://secunia.com/advisories/18003

Broken Link

http://security.gentoo.org/glsa/glsa-200507-01.xml

Third Party Advisory

http://security.gentoo.org/glsa/glsa-200507-06.xml

Third Party Advisory

http://security.gentoo.org/glsa/glsa-200507-07.xml

Third Party Advisory

http://securitytracker.com/id?1015336

Third Party Advisory

Broken Link

VDB Entry

http://sourceforge.net/project/showfiles.php?group_id=87163

Product

http://sourceforge.net/project/shownotes.php?release_id=338803

Broken Link

http://www.ampache.org/announce/3_3_1_2.php

Broken Link

http://www.debian.org/security/2005/dsa-745

Third Party Advisory

Mailing List

http://www.debian.org/security/2005/dsa-746

Third Party Advisory

Mailing List

http://www.debian.org/security/2005/dsa-747

Third Party Advisory

Mailing List

http://www.drupal.org/security/drupal-sa-2005-003/advisory.txt

Third Party Advisory

http://www.gulftech.org/?node=research&article_id=00087-07012005

Vendor Advisory

Not Applicable

http://www.hardened-php.net/advisory-022005.php

Not Applicable

http://www.mandriva.com/security/advisories?name=MDKSA-2005:109

Patch

Third Party Advisory

Vendor Advisory

http://www.novell.com/linux/security/advisories/2005_41_php_pear.html

Broken Link

http://www.novell.com/linux/security/advisories/2005_49_php.html

Broken Link

http://www.securityfocus.com/archive/1/419064/100/0/threaded

Third Party Advisory

Broken Link

VDB Entry

http://www.securityfocus.com/bid/14088

Third Party Advisory

Broken Link

VDB Entry

http://www.vupen.com/english/advisories/2005/2827

Broken Link

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11294

Broken Link

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A350

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2005-1921

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2005-1921

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2005-1921

EUVD