CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score
Confidence: Low

EPSS
Percentile: 99.4%

Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921.
Vendor | Product | Version | CPE |
---|---|---|---|
gggeek | phpxmlrpc | * | cpe:2.3:a:gggeek:phpxmlrpc:*:*:*:*:*:*:*:* |
debian | debian_linux | 3.1 | cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:* |
marc.info/?l=bugtraq&m=112412415822890&w=2
marc.info/?l=bugtraq&m=112431497300344&w=2
marc.info/?l=bugtraq&m=112605112027335&w=2
secunia.com/advisories/16431
secunia.com/advisories/16432
secunia.com/advisories/16441
secunia.com/advisories/16460
secunia.com/advisories/16465
secunia.com/advisories/16468
secunia.com/advisories/16469
secunia.com/advisories/16491
secunia.com/advisories/16550
secunia.com/advisories/16558
secunia.com/advisories/16563
secunia.com/advisories/16619
secunia.com/advisories/16635
secunia.com/advisories/16693
secunia.com/advisories/16976
secunia.com/advisories/17053
secunia.com/advisories/17066
secunia.com/advisories/17440
www.debian.org/security/2005/dsa-789
www.debian.org/security/2005/dsa-798
www.debian.org/security/2005/dsa-840
www.debian.org/security/2005/dsa-842
www.fedoralegacy.org/updates/FC2/2005-11-28-FLSA_2005_166943__Updated_php_packages_fix_security_issues.html
www.gentoo.org/security/en/glsa/glsa-200509-19.xml
www.hardened-php.net/advisory_152005.67.html
www.novell.com/linux/security/advisories/2005_49_php.html
www.redhat.com/support/errata/RHSA-2005-748.html
www.securityfocus.com/archive/1/408125
www.securityfocus.com/bid/14560
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9569