Vulnerability Name: CVE-2005-1921 (CCN-21194)
Assigned: 2005-06-29
Published: 2005-06-29
Updated: 2018-10-19
Summary: Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
Source: CCN Type: Hewlett-Packard Company Security Bulletin HPSBTU02083 SSRT051069 - HP Tru64 Unix Secure Web Server (SWS 6.4.1 and earlier) PHP/XMLRPC Remote Unauthorized Execution of Arbitrary Code
Source: CCN Type: Nobuhiro IMAI Web page arbitrary command execution on XMLRPC server
Source: MITRE Type: CNA CVE-2005-1921
Source: MITRE Type: CNA CVE-2005-2106
Source: CCN Type: Conectiva Linux Security Announcement CLSA-2005:980 Fix for php4 vulnerability
Source: CCN Type: Conectiva Linux Security Announcement CLSA-2005:984 Fix for security vulnerability in ruby
Source: CCN Type: Drupal Web site Drupal
Source: BUGTRAQ Type: UNKNOWN 20050629 Advisory 02/2005: Remote code execution in Serendipity
Source: BUGTRAQ Type: UNKNOWN 20050629 [DRUPAL-SA-2005-003] Drupal 4.6.2 / 4.5.4 fixes critical XML-RPC issue
Source: SUSE Type: UNKNOWN SUSE-SA:2005:051
Source: CCN Type: PEAR Web page What is PEAR?
Source: CCN Type: PEAR XML_RPC Download Web page Package Information: XML_RPC
Source: MISC Type: Patch http://pear.php.net/package/XML_RPC/download/1.3.1
Source: CCN Type: phpWebSite Web site phpWebSite
Source: CCN Type: RHSA-2005-564 php security update
Source: CCN Type: SA15810 phpMyFAQ XML-RPC PHP Code Execution Vulnerability
Source: SECUNIA Type: UNKNOWN 15810
Source: CCN Type: SA15852 XML-RPC for PHP PHP Code Execution Vulnerability
Source: SECUNIA Type: UNKNOWN 15852
Source: CCN Type: SA15855 PostNuke XML-RPC Library PHP Code Execution Vulnerability
Source: SECUNIA Type: UNKNOWN 15855
Source: CCN Type: SA15861 PEAR XML_RPC PHP Code Execution Vulnerability
Source: SECUNIA Type: UNKNOWN 15861
Source: CCN Type: SA15872 Drupal PHP Code Execution Vulnerabilities
Source: SECUNIA Type: UNKNOWN 15872
Source: CCN Type: SA15883 phpAdsNew XML-RPC PHP Code Execution Vulnerability
Source: SECUNIA Type: UNKNOWN 15883
Source: CCN Type: SA15884 phpPgAds XML-RPC PHP Code Execution Vulnerability
Source: SECUNIA Type: UNKNOWN 15884
Source: CCN Type: SA15895 Nucleus XML-RPC PHP Code Execution Vulnerability
Source: SECUNIA Type: UNKNOWN 15895
Source: CCN Type: SA15903 PhpWiki XML-RPC PHP Code Execution Vulnerability
Source: SECUNIA Type: UNKNOWN 15903
Source: CCN Type: SA15904 BLOG:CMS XML-RPC PHP Code Execution Vulnerability
Source: SECUNIA Type: UNKNOWN 15904
Source: CCN Type: SA15916 eGroupWare XML-RPC PHP Code Execution Vulnerability
Source: SECUNIA Type: UNKNOWN 15916
Source: CCN Type: SA15917 phpGroupWare XML-RPC PHP Code Execution Vulnerability
Source: SECUNIA Type: UNKNOWN 15917
Source: CCN Type: SA15922 Jaws "path" File Inclusion and XML-RPC PHP Code Execution
Source: SECUNIA Type: UNKNOWN 15922
Source: CCN Type: SA15944 TikiWiki XML-RPC PHP Code Execution Vulnerability
Source: SECUNIA Type: UNKNOWN 15944
Source: CCN Type: SA15947 MailWatch for MailScanner XML-RPC PHP Code Execution
Source: SECUNIA Type: UNKNOWN 15947
Source: CCN Type: SA15957 Ampache XML-RPC PHP Code Execution Vulnerability
Source: SECUNIA Type: UNKNOWN 15957
Source: CCN Type: SA16001 phpWebSite PEAR XML_RPC PHP Code Execution
Source: SECUNIA Type: UNKNOWN 16001
Source: CCN Type: SA16339 XOOPS PHPMailer and XML-RPC Vulnerabilities
Source: SECUNIA Type: UNKNOWN 16339
Source: CCN Type: SA16693 MAXdev MD-Pro Multiple Vulnerabilities
Source: SECUNIA Type: UNKNOWN 16693
Source: CCN Type: SA17440 b2evolution XML-RPC PHP Code Execution Vulnerabilities
Source: SECUNIA Type: UNKNOWN 17440
Source: CCN Type: SA17674 FreeMED XML_RPC PHP Code Execution Vulnerability
Source: SECUNIA Type: UNKNOWN 17674
Source: CCN Type: SA18003 HP Tru64 UNIX Secure Web Server XML_RPC PHP Code Execution Vulnerability
Source: SECUNIA Type: UNKNOWN 18003
Source: GENTOO Type: UNKNOWN GLSA-200507-01
Source: GENTOO Type: UNKNOWN GLSA-200507-06
Source: GENTOO Type: UNKNOWN GLSA-200507-07
Source: CCN Type: SECTRACK ID: 1015336 HP Secure Web Server for Tru64 UNIX XMLRPC Bug Lets Remote Users Execute Arbitrary PHP Code
Source: SECTRACK Type: UNKNOWN 1015336
Source: CCN Type: SourceForge.net Project: Serendipity PHP Weblog System: File List
Source: CONFIRM Type: UNKNOWN http://sourceforge.net/project/showfiles.php?group_id=87163
Source: CONFIRM Type: UNKNOWN http://sourceforge.net/project/shownotes.php?release_id=338803
Source: CONFIRM Type: UNKNOWN http://www.ampache.org/announce/3_3_1_2.php
Source: CCN Type: CIAC INFORMATION BULLETIN P-312 Apple Security Update 2005-008
Source: DEBIAN Type: UNKNOWN DSA-745
Source: DEBIAN Type: UNKNOWN DSA-746
Source: DEBIAN Type: UNKNOWN DSA-747
Source: DEBIAN Type: UNKNOWN DSA-789
Source: DEBIAN Type: DSA 748-1 ruby1.8 -- bad default value
Source: DEBIAN Type: DSA-745 drupal -- input validation errors
Source: DEBIAN Type: DSA-746 phpgroupware -- input validation error
Source: DEBIAN Type: DSA-747 egroupware -- input validation error
Source: DEBIAN Type: DSA-789 php4 -- several vulnerabilities
Source: CONFIRM Type: UNKNOWN http://www.drupal.org/security/drupal-sa-2005-003/advisory.txt
Source: CCN Type: GLSA-200507-01 PEAR XML-RPC, phpxmlrpc: PHP script injection vulnerability
Source: CCN Type: GLSA-200507-02 WordPress: Multiple vulnerabilities
Source: CCN Type: GLSA-200507-06 TikiWiki: Arbitrary command execution through XML-RPC
Source: CCN Type: GLSA-200507-07 phpWebSite: Multiple vulnerabilities
Source: CCN Type: GLSA-200507-08 phpGroupWare, eGroupWare: PHP script injection vulnerability
Source: CCN Type: GLSA-200507-15 PHP: Script injection through XML-RPC
Source: MISC Type: Patch, Vendor Advisory http://www.gulftech.org/?node=research&article_id=00087-07012005
Source: CCN Type: Hackers Center: Internet Security Archive Multiple vulnerabilities in Phpwebsite
Source: MISC Type: Vendor Advisory http://www.hardened-php.net/advisory-022005.php
Source: CCN Type: US-CERT VU#442845 Multiple PHP XML-RPC implementations vulnerable to code injection
Source: MANDRAKE Type: Patch, Vendor Advisory MDKSA-2005:109
Source: SUSE Type: UNKNOWN SUSE-SR:2005:018
Source: SUSE Type: UNKNOWN SUSE-SA:2005:041
Source: SUSE Type: UNKNOWN SUSE-SA:2005:049
Source: CCN Type: OSVDB ID: 17647 Drupal Public Comment/Posting Arbitrary PHP Code Execution
Source: CCN Type: phpGroupWare Web site phpGroupWare.org
Source: CCN Type: phpMyFAQ Download Web page Stable versions
Source: CCN Type: phpWebSite Security Patch Web site phpWebSite Security Patch
Source: REDHAT Type: UNKNOWN RHSA-2005:564
Source: CCN Type: Ruby Advisory XMLRPC.iPIMethods Vulnerability
Source: HP Type: UNKNOWN SSRT051069
Source: BID Type: UNKNOWN 14088
Source: CCN Type: BID-14088 XML-RPC for PHP Remote Code Injection Vulnerability
Source: CCN Type: BID-14110 Drupal Arbitrary PHP Code Execution Vulnerability
Source: CCN Type: BID-14166 PHPWebSite Index.PHP Directory Traversal Vulnerability
Source: CCN Type: USN-147-1 PHP XMLRPC vulnerability
Source: CCN Type: USN-147-2 Fixed php4-pear packages for USN-147-1
Source: VUPEN Type: UNKNOWN ADV-2005-2827
Source: XF Type: UNKNOWN xmlrpc-command-execution(21194)
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:11294
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:350
Source: SUSE Type: SUSE-SA:2005:041 php/pear XML::RPC: remote code execution
Source: SUSE Type: SUSE-SA:2005:049 php4 php5: remote code execution
Source: SUSE Type: SUSE-SA:2005:051 php4 php5: remote code execution
Source: SUSE Type: SUSE-SR:2005:018 SUSE Security Summary Report
Vulnerable Configuration: Configuration 1; Configuration RedHat 1 (denotes that the component is vulnerable)
Oval Definitions: