pear-XML_RPC -- remote PHP code injection vulnerability

2005-08-1500:00:00

vuxml.freebsd.org

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.012 Low

EPSS

Percentile

85.1%

JSON

A Hardened-PHP Project Security Advisory reports:

When the library parses XMLRPC requests/responses, it constructs
a string of PHP code, that is later evaluated. This means any
failure to properly handle the construction of this string can
result in arbitrary execution of PHP code.
This new injection vulnerability is cause by not properly
handling the situation, when certain XML tags are nested
in the parsed document, that were never meant to be nested
at all. This can be easily exploited in a way, that
user-input is placed outside of string delimiters within
the evaluation string, which obviously results in
arbitrary code execution.

Note that several applications contains an embedded version
on XML_RPC, therefor making them the vulnerable to the same
code injection vulnerability.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchpear-xml_rpc< 1.4.0UNKNOWN
FreeBSDanynoarchphpmyfaq< 1.4.11UNKNOWN
FreeBSDanynoarchdrupal< 4.6.3UNKNOWN
FreeBSDanynoarchegroupware< 1.0.0.009UNKNOWN
FreeBSDanynoarchphpadsnew< 2.0.5UNKNOWN
FreeBSDanynoarchphpgroupware< 0.9.16.007UNKNOWN
FreeBSDanynoarchb2evolution< 0.9.0.12_2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	pear-xml_rpc	< 1.4.0	UNKNOWN
FreeBSD	any	noarch	phpmyfaq	< 1.4.11	UNKNOWN
FreeBSD	any	noarch	drupal	< 4.6.3	UNKNOWN
FreeBSD	any	noarch	egroupware	< 1.0.0.009	UNKNOWN
FreeBSD	any	noarch	phpadsnew	< 2.0.5	UNKNOWN
FreeBSD	any	noarch	phpgroupware	< 0.9.16.007	UNKNOWN
FreeBSD	any	noarch	b2evolution	< 0.9.0.12_2	UNKNOWN