Oval Definition:oval:org.mitre.oval:def:9569
Revision Date:2013-04-29Version:11
Title:Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921.
Description:Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921.
Family:unixClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2005-2498
Platform(s):CentOS Linux 3
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
Product(s):
Definition Synopsis
  • OS Section: RHEL3, CentOS3
  • RHEL3 or CentOS3
  • The operating system installed on the system is Red Hat Enterprise Linux 3
  • OR CentOS Linux 3.x
  • AND Configuration section
  • php is earlier than 0:4.3.2-25.ent
  • OR php-pgsql is earlier than 0:4.3.2-25.ent
  • OR php-mysql is earlier than 0:4.3.2-25.ent
  • OR php-ldap is earlier than 0:4.3.2-25.ent
  • OR php-imap is earlier than 0:4.3.2-25.ent
  • OR php-odbc is earlier than 0:4.3.2-25.ent
  • OR php-devel is earlier than 0:4.3.2-25.ent
  • OR OS Section: RHEL4, CentOS4, Oracle Linux 4
  • RHEL4, CentOS4 or Oracle Linux 4
  • The operating system installed on the system is Red Hat Enterprise Linux 4
  • OR CentOS Linux 4.x
  • OR Oracle Linux 4.x
  • AND Configuration section
  • php-xmlrpc is earlier than 0:4.3.9-3.8
  • OR php-snmp is earlier than 0:4.3.9-3.8
  • OR php-domxml is earlier than 0:4.3.9-3.8
  • OR php-mysql is earlier than 0:4.3.9-3.8
  • OR php-imap is earlier than 0:4.3.9-3.8
  • OR php-gd is earlier than 0:4.3.9-3.8
  • OR php is earlier than 0:4.3.9-3.8
  • OR php-mbstring is earlier than 0:4.3.9-3.8
  • OR php-pgsql is earlier than 0:4.3.9-3.8
  • OR php-pear is earlier than 0:4.3.9-3.8
  • OR php-ldap is earlier than 0:4.3.9-3.8
  • OR php-odbc is earlier than 0:4.3.9-3.8
  • OR php-ncurses is earlier than 0:4.3.9-3.8
  • OR php-devel is earlier than 0:4.3.9-3.8
    • BACK