7.5

CVE-2005-2498

Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GggeekPhpxmlrpc Version <= 1.1.1
DebianDebian Linux Version3.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.09% 0.913
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://www.debian.org/security/2005/dsa-789
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=112605112027335&w=2
Third Party Advisory
http://secunia.com/advisories/16693
Broken Link
http://secunia.com/advisories/17440
Broken Link
http://www.novell.com/linux/security/advisories/2005_49_php.html
Broken Link
http://marc.info/?l=bugtraq&m=112412415822890&w=2
Third Party Advisory
http://marc.info/?l=bugtraq&m=112431497300344&w=2
Third Party Advisory
http://secunia.com/advisories/16431
Broken Link
http://secunia.com/advisories/16432
Broken Link
http://secunia.com/advisories/16441
Broken Link
http://secunia.com/advisories/16460
Broken Link
http://secunia.com/advisories/16465
Broken Link
http://secunia.com/advisories/16468
Broken Link
http://secunia.com/advisories/16469
Broken Link
http://secunia.com/advisories/16491
Broken Link
http://secunia.com/advisories/16550
Broken Link
http://secunia.com/advisories/16558
Broken Link
http://secunia.com/advisories/16563
Broken Link
http://secunia.com/advisories/16619
Broken Link
http://secunia.com/advisories/16635
Broken Link
http://secunia.com/advisories/16976
Broken Link
http://secunia.com/advisories/17053
Broken Link
http://secunia.com/advisories/17066
Broken Link
http://www.debian.org/security/2005/dsa-798
Third Party Advisory
Mailing List
http://www.debian.org/security/2005/dsa-840
Mailing List
http://www.debian.org/security/2005/dsa-842
Third Party Advisory
Mailing List
http://www.fedoralegacy.org/updates/FC2/2005-11-28-FLSA_2005_166943__Updated_php_packages_fix_security_issues.html
Broken Link
http://www.gentoo.org/security/en/glsa/glsa-200509-19.xml
Third Party Advisory
http://www.hardened-php.net/advisory_152005.67.html
Patch
Vendor Advisory
Not Applicable
http://www.redhat.com/support/errata/RHSA-2005-748.html
Broken Link
http://www.securityfocus.com/archive/1/408125
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/bid/14560
Third Party Advisory
Broken Link
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9569
Broken Link