| Vulnerability Name: | CVE-2005-2106 (CCN-21194) |
| Assigned: | 2005-06-29 |
| Published: | 2005-06-29 |
| Updated: | 2016-10-18 |
| Summary: | Unknown vulnerability in Drupal 4.5.0 through 4.5.3, 4.6.0, and 4.6.1 allows remote attackers to execute arbitrary PHP code via a public comment or posting. |
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) |
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N) |
| Vulnerability Type: | CWE-Other |
| Vulnerability Consequences: | Gain Access |
| References: | Source: CCN Type: Hewlett-Packard Company Security Bulletin HPSBTU02083 SSRT051069 - HP Tru64 Unix Secure Web Server (SWS 6.4.1 and earlier) PHP/XMLRPC Remote Unauthorized Execution of Arbitrary Code |
| | Source: CCN Type: Nobuhiro IMAI Web page arbitrary command execution on XMLRPC server |
| | Source: MITRE Type: CNA CVE-2005-1921 |
| | Source: MITRE Type: CNA CVE-2005-2106 |
| | Source: CCN Type: Conectiva Linux Security Announcement CLSA-2005:980 Fix for php4 vulnerability |
| | Source: CCN Type: Conectiva Linux Security Announcement CLSA-2005:984 Fix for security vulnerability in ruby |
| | Source: CCN Type: Drupal Web site Drupal |
| | Source: BUGTRAQ Type: UNKNOWN 20050629 [DRUPAL-SA-2005-002] Drupal 4.6.2 / 4.5.4 fixes input validation issue |
| | Source: CCN Type: PEAR Web page What is PEAR? |
| | Source: CCN Type: PEAR XML_RPC Download Web page Package Information: XML_RPC |
| | Source: CCN Type: phpWebSite Web site phpWebSite |
| | Source: CCN Type: RHSA-2005-564 php security update |
| | Source: CCN Type: SA15810 phpMyFAQ XML-RPC PHP Code Execution Vulnerability |
| | Source: CCN Type: SA15852 XML-RPC for PHP PHP Code Execution Vulnerability |
| | Source: CCN Type: SA15855 PostNuke XML-RPC Library PHP Code Execution Vulnerability |
| | Source: CCN Type: SA15861 PEAR XML_RPC PHP Code Execution Vulnerability |
| | Source: CCN Type: SA15872 Drupal PHP Code Execution Vulnerabilities |
| | Source: SECUNIA Type: Patch, Vendor Advisory 15872 |
| | Source: CCN Type: SA15883 phpAdsNew XML-RPC PHP Code Execution Vulnerability |
| | Source: CCN Type: SA15884 phpPgAds XML-RPC PHP Code Execution Vulnerability |
| | Source: CCN Type: SA15895 Nucleus XML-RPC PHP Code Execution Vulnerability |
| | Source: CCN Type: SA15903 PhpWiki XML-RPC PHP Code Execution Vulnerability |
| | Source: CCN Type: SA15904 BLOG:CMS XML-RPC PHP Code Execution Vulnerability |
| | Source: CCN Type: SA15916 eGroupWare XML-RPC PHP Code Execution Vulnerability |
| | Source: CCN Type: SA15917 phpGroupWare XML-RPC PHP Code Execution Vulnerability |
| | Source: CCN Type: SA15922 Jaws "path" File Inclusion and XML-RPC PHP Code Execution |
| | Source: CCN Type: SA15944 TikiWiki XML-RPC PHP Code Execution Vulnerability |
| | Source: CCN Type: SA15947 MailWatch for MailScanner XML-RPC PHP Code Execution |
| | Source: CCN Type: SA15957 Ampache XML-RPC PHP Code Execution Vulnerability |
| | Source: CCN Type: SA16001 phpWebSite PEAR XML_RPC PHP Code Execution |
| | Source: CCN Type: SA16339 XOOPS PHPMailer and XML-RPC Vulnerabilities |
| | Source: CCN Type: SA16693 MAXdev MD-Pro Multiple Vulnerabilities |
| | Source: CCN Type: SA17440 b2evolution XML-RPC PHP Code Execution Vulnerabilities |
| | Source: CCN Type: SA17674 FreeMED XML_RPC PHP Code Execution Vulnerability |
| | Source: CCN Type: SA18003 HP Tru64 UNIX Secure Web Server XML_RPC PHP Code Execution Vulnerability |
| | Source: CCN Type: SECTRACK ID: 1015336 HP Secure Web Server for Tru64 UNIX XMLRPC Bug Lets Remote Users Execute Arbitrary PHP Code |
| | Source: CCN Type: SourceForge.net Project: Serendipity PHP Weblog System: File List |
| | Source: CCN Type: CIAC INFORMATION BULLETIN P-312 Apple Security Update 2005-008 |
| | Source: DEBIAN Type: UNKNOWN DSA-745 |
| | Source: DEBIAN Type: DSA 748-1 ruby1.8 -- bad default value |
| | Source: DEBIAN Type: DSA-745 drupal -- input validation errors |
| | Source: DEBIAN Type: DSA-746 phpgroupware -- input validation error |
| | Source: DEBIAN Type: DSA-747 egroupware -- input validation error |
| | Source: DEBIAN Type: DSA-789 php4 -- several vulnerabilities |
| | Source: CONFIRM Type: UNKNOWN http://www.drupal.org/security/drupal-sa-2005-002/advisory.txt |
| | Source: CCN Type: GLSA-200507-01 PEAR XML-RPC, phpxmlrpc: PHP script injection vulnerability |
| | Source: CCN Type: GLSA-200507-02 WordPress: Multiple vulnerabilities |
| | Source: CCN Type: GLSA-200507-06 TikiWiki: Arbitrary command execution through XML-RPC |
| | Source: CCN Type: GLSA-200507-07 phpWebSite: Multiple vulnerabilities |
| | Source: CCN Type: GLSA-200507-08 phpGroupWare, eGroupWare: PHP script injection vulnerability |
| | Source: CCN Type: GLSA-200507-15 PHP: Script injection through XML-RPC |
| | Source: CCN Type: Multiple vulnerabilities in Phpwebsite: Hackers Centers: Internet Security Archive Multiple vulnerabilities in Phpwebsite |
| | Source: CCN Type: US-CERT VU#442845 Multiple PHP XML-RPC implementations vulnerable to code injection |
| | Source: CCN Type: OSVDB ID: 17647 Drupal Public Comment/Posting Arbitrary PHP Code Execution |
| | Source: CCN Type: phpGroupWare Web site phpGroupWare.org |
| | Source: CCN Type: phpMyFAQ Download Web page Stable versions |
| | Source: CCN Type: phpWebSite Security Patch Web site phpWebSite Security Patch |
| | Source: CCN Type: Ruby Advisory # XMLRPC.iPIMethods Vulnerability # XMLRPC.iPIMethods Vulnerability |
| | Source: CCN Type: BID-14088 XML-RPC for PHP Remote Code Injection Vulnerability |
| | Source: BID Type: UNKNOWN 14110 |
| | Source: CCN Type: BID-14110 Drupal Arbitrary PHP Code Execution Vulnerability |
| | Source: CCN Type: BID-14166 PHPWebSite Index.PHP Directory Traversal Vulnerability |
| | Source: CCN Type: USN-147-1 PHP XMLRPC vulnerability |
| | Source: CCN Type: USN-147-2 Fixed php4-pear packages for USN-147-1 |
| | Source: XF Type: UNKNOWN xmlrpc-command-execution(21194) |
| | Source: SUSE Type: SUSE-SA:2005:041 php/pear XML::RPC: remote code execution |
| | Source: SUSE Type: SUSE-SA:2005:049 php4 php5: remote code execution |
| | Source: SUSE Type: SUSE-SA:2005:051 php4 php5: remote code execution |
| | Source: SUSE Type: SUSE-SR:2005:018 SUSE Security Summary Report |
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable |