Oval Definition:oval:org.mitre.oval:def:11294
Revision Date:2013-04-29Version:11
Title:Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.
Description:Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.
Family:unixClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2005-1921
Platform(s):CentOS Linux 3
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
Product(s):
Definition Synopsis
  • OS Section: RHEL3, CentOS3
  • RHEL3 or CentOS3
  • The operating system installed on the system is Red Hat Enterprise Linux 3
  • OR CentOS Linux 3.x
  • AND Configuration section
  • php is earlier than 0:4.3.2-24.ent
  • OR php-pgsql is earlier than 0:4.3.2-24.ent
  • OR php-mysql is earlier than 0:4.3.2-24.ent
  • OR php-ldap is earlier than 0:4.3.2-24.ent
  • OR php-imap is earlier than 0:4.3.2-24.ent
  • OR php-odbc is earlier than 0:4.3.2-24.ent
  • OR php-devel is earlier than 0:4.3.2-24.ent
  • OR OS Section: RHEL4, CentOS4, Oracle Linux 4
  • RHEL4, CentOS4 or Oracle Linux 4
  • The operating system installed on the system is Red Hat Enterprise Linux 4
  • OR CentOS Linux 4.x
  • OR Oracle Linux 4.x
  • AND Configuration section
  • php-xmlrpc is earlier than 0:4.3.9-3.7
  • OR php-snmp is earlier than 0:4.3.9-3.7
  • OR php-domxml is earlier than 0:4.3.9-3.7
  • OR php-mysql is earlier than 0:4.3.9-3.7
  • OR php-imap is earlier than 0:4.3.9-3.7
  • OR php-gd is earlier than 0:4.3.9-3.7
  • OR php is earlier than 0:4.3.9-3.7
  • OR php-mbstring is earlier than 0:4.3.9-3.7
  • OR php-pgsql is earlier than 0:4.3.9-3.7
  • OR php-pear is earlier than 0:4.3.9-3.7
  • OR php-ldap is earlier than 0:4.3.9-3.7
  • OR php-odbc is earlier than 0:4.3.9-3.7
  • OR php-ncurses is earlier than 0:4.3.9-3.7
  • OR php-devel is earlier than 0:4.3.9-3.7
    • BACK