7.5

CVE-2005-1921

Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpXml Rpc SwPlatformpear Version <= 1.3.0
GggeekPhpxmlrpc Version <= 1.1
DrupalDrupal Version < 4.5.4
DrupalDrupal Version >= 4.6.0 < 4.6.2
DebianDebian Linux Version3.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 79.07% 0.995
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://www.novell.com/linux/security/advisories/2005_18_sr.html
Broken Link
http://www.debian.org/security/2005/dsa-789
Third Party Advisory
Mailing List
http://www.redhat.com/support/errata/RHSA-2005-564.html
Broken Link
http://marc.info/?l=bugtraq&m=112008638320145&w=2
Third Party Advisory
http://marc.info/?l=bugtraq&m=112015336720867&w=2
Third Party Advisory
http://marc.info/?l=bugtraq&m=112605112027335&w=2
Third Party Advisory
http://pear.php.net/package/XML_RPC/download/1.3.1
Patch
Product
http://secunia.com/advisories/15810
Broken Link
http://secunia.com/advisories/15852
Broken Link
http://secunia.com/advisories/15855
Broken Link
http://secunia.com/advisories/15861
Broken Link
http://secunia.com/advisories/15872
Broken Link
http://secunia.com/advisories/15883
Broken Link
http://secunia.com/advisories/15884
Broken Link
http://secunia.com/advisories/15895
Broken Link
http://secunia.com/advisories/15903
Broken Link
http://secunia.com/advisories/15904
Broken Link
http://secunia.com/advisories/15916
Broken Link
http://secunia.com/advisories/15917
Broken Link
http://secunia.com/advisories/15922
Broken Link
http://secunia.com/advisories/15944
Broken Link
http://secunia.com/advisories/15947
Broken Link
http://secunia.com/advisories/15957
Broken Link
http://secunia.com/advisories/16001
Broken Link
http://secunia.com/advisories/16339
Broken Link
http://secunia.com/advisories/16693
Broken Link
http://secunia.com/advisories/17440
Broken Link
http://secunia.com/advisories/17674
Broken Link
http://secunia.com/advisories/18003
Broken Link
http://security.gentoo.org/glsa/glsa-200507-01.xml
Third Party Advisory
http://security.gentoo.org/glsa/glsa-200507-06.xml
Third Party Advisory
http://security.gentoo.org/glsa/glsa-200507-07.xml
Third Party Advisory
http://securitytracker.com/id?1015336
Third Party Advisory
Broken Link
VDB Entry
http://sourceforge.net/project/showfiles.php?group_id=87163
Product
http://sourceforge.net/project/shownotes.php?release_id=338803
Broken Link
http://www.ampache.org/announce/3_3_1_2.php
Broken Link
http://www.debian.org/security/2005/dsa-745
Third Party Advisory
Mailing List
http://www.debian.org/security/2005/dsa-746
Third Party Advisory
Mailing List
http://www.debian.org/security/2005/dsa-747
Third Party Advisory
Mailing List
http://www.drupal.org/security/drupal-sa-2005-003/advisory.txt
Third Party Advisory
http://www.gulftech.org/?node=research&article_id=00087-07012005
Vendor Advisory
Not Applicable
http://www.hardened-php.net/advisory-022005.php
Not Applicable
http://www.mandriva.com/security/advisories?name=MDKSA-2005:109
Patch
Third Party Advisory
Vendor Advisory
http://www.novell.com/linux/security/advisories/2005_41_php_pear.html
Broken Link
http://www.novell.com/linux/security/advisories/2005_49_php.html
Broken Link
http://www.securityfocus.com/archive/1/419064/100/0/threaded
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/bid/14088
Third Party Advisory
Broken Link
VDB Entry
http://www.vupen.com/english/advisories/2005/2827
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11294
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A350
Broken Link