History: Jul 05, 2005 - 4:00 a.m.

CVE-2005-1921

2005-07-05 04:00:00
CWE-94
web.nvd.nist.gov
134
cve
eval injection
pear xml_rpc
xml-rpc
phpxmlrpc
wordpress
serendipity
drupal
egroupware
mailwatch
tikiwiki
phpwebsite
ampache

CVSS2: 7.5 High

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score: 7.6 High (Confidence: Low)

EPSS: 0.956 High (Percentile: 99.4%)

Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.

Affected configurations

NVD

Node
php xml_rpc, Range 1.3.0, pear

Node
gggeek phpxmlrpc, Range 1.1

Node
drupal drupal, Range <4.5.4
OR
drupal drupal, Range 4.6.0 - 4.6.2

Node
tiki tikiwiki_cms/groupware, Range <1.8.5

Node
debian debian_linux, Match 3.1

CPE | Name | Operator | Version
php:xml_rpc | php xml rpc | le | 1.3.0
