ID CVE-2005-1921
Summary Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.
References
Vulnerable Configurations
  • cpe:2.3:a:pear:xml_rpc:1.0.2
    cpe:2.3:a:pear:xml_rpc:1.0.2
  • cpe:2.3:a:pear:xml_rpc:1.0.3
    cpe:2.3:a:pear:xml_rpc:1.0.3
  • cpe:2.3:a:pear:xml_rpc:1.0.4
    cpe:2.3:a:pear:xml_rpc:1.0.4
  • cpe:2.3:a:pear:xml_rpc:1.1.0
    cpe:2.3:a:pear:xml_rpc:1.1.0
  • cpe:2.3:a:pear:xml_rpc:1.2.0
    cpe:2.3:a:pear:xml_rpc:1.2.0
  • cpe:2.3:a:pear:xml_rpc:1.2.0rc1
    cpe:2.3:a:pear:xml_rpc:1.2.0rc1
  • cpe:2.3:a:pear:xml_rpc:1.2.0rc2
    cpe:2.3:a:pear:xml_rpc:1.2.0rc2
  • cpe:2.3:a:pear:xml_rpc:1.2.0rc3
    cpe:2.3:a:pear:xml_rpc:1.2.0rc3
  • cpe:2.3:a:pear:xml_rpc:1.2.0rc4
    cpe:2.3:a:pear:xml_rpc:1.2.0rc4
  • cpe:2.3:a:pear:xml_rpc:1.2.0rc5
    cpe:2.3:a:pear:xml_rpc:1.2.0rc5
  • cpe:2.3:a:pear:xml_rpc:1.2.0rc6
    cpe:2.3:a:pear:xml_rpc:1.2.0rc6
  • cpe:2.3:a:pear:xml_rpc:1.2.0rc7
    cpe:2.3:a:pear:xml_rpc:1.2.0rc7
  • cpe:2.3:a:pear:xml_rpc:1.2.1
    cpe:2.3:a:pear:xml_rpc:1.2.1
  • cpe:2.3:a:pear:xml_rpc:1.2.2
    cpe:2.3:a:pear:xml_rpc:1.2.2
  • cpe:2.3:a:pear:xml_rpc:1.3.0rc1
    cpe:2.3:a:pear:xml_rpc:1.3.0rc1
  • cpe:2.3:a:pear:xml_rpc:1.3.0rc2
    cpe:2.3:a:pear:xml_rpc:1.3.0rc2
  • cpe:2.3:a:pear:xml_rpc:1.3.0rc3
    cpe:2.3:a:pear:xml_rpc:1.3.0rc3
CVSS
Base: 7.5 (as of 05-07-2005 - 11:58)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
exploit-db via4
  • description XML-RPC Library <= 1.3.0 (xmlrpc.php) Remote Code Injection Exploit. CVE-2005-1921,CVE-2005-2116. Webapps exploit for php platform
    id EDB-ID:1078
    last seen 2016-01-31
    modified 2005-07-01
    published 2005-07-01
    reporter ilo--
    source https://www.exploit-db.com/download/1078/
    title XML-RPC Library <= 1.3.0 xmlrpc.php Remote Code Injection Exploit
  • description PHPXMLRPC < 1.1 - Remote Code Execution. CVE-2005-1921. Webapps exploit for PHP platform
    id EDB-ID:43829
    last seen 2018-01-24
    modified 2015-07-02
    published 2015-07-02
    reporter Exploit-DB
    source https://www.exploit-db.com/download/43829/
    title PHPXMLRPC < 1.1 - Remote Code Execution
  • description PHP XML-RPC Arbitrary Code Execution. CVE-2005-1921. Webapps exploit for php platform
    id EDB-ID:16882
    last seen 2016-02-02
    modified 2010-07-25
    published 2010-07-25
    reporter metasploit
    source https://www.exploit-db.com/download/16882/
    title PHP XML-RPC Arbitrary Code Execution
metasploit via4
description This module exploits an arbitrary code execution flaw discovered in many implementations of the PHP XML-RPC module. This flaw is exploitable through a number of PHP web applications, including but not limited to Drupal, Wordpress, Postnuke, and TikiWiki.
id MSF:EXPLOIT/UNIX/WEBAPP/PHP_XMLRPC_EVAL
last seen 2018-10-19
modified 2017-07-24
published 2007-01-05
reliability Excellent
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/php_xmlrpc_eval.rb
title PHP XML-RPC Arbitrary Code Execution
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-789.NASL
    description Several security related problems have been found in PHP4, the server-side, HTML-embedded scripting language. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-1751 Eric Romang discovered insecure temporary files in the shtool utility shipped with PHP that can exploited by a local attacker to overwrite arbitrary files. Only this vulnerability affects packages in oldstable. - CAN-2005-1921 GulfTech has discovered that PEAR XML_RPC is vulnerable to a remote PHP code execution vulnerability that may allow an attacker to compromise a vulnerable server. - CAN-2005-2498 Stefan Esser discovered another vulnerability in the XML-RPC libraries that allows injection of arbitrary PHP code into eval() statements.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 19532
    published 2005-08-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19532
    title Debian DSA-789-1 : php4 - several vulnerabilities
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2005-564.NASL
    description Updated PHP packages that fix two security issues are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A bug was discovered in the PEAR XML-RPC Server package included in PHP. If a PHP script is used which implements an XML-RPC Server using the PEAR XML-RPC package, then it is possible for a remote attacker to construct an XML-RPC request which can cause PHP to execute arbitrary PHP commands as the 'apache' user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1921 to this issue. When using the default SELinux 'targeted' policy on Red Hat Enterprise Linux 4, the impact of this issue is reduced since the scripts executed by PHP are constrained within the httpd_sys_script_t security context. A race condition in temporary file handling was discovered in the shtool script installed by PHP. If a third-party PHP module which uses shtool was compiled as root, a local user may be able to modify arbitrary files. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1751 to this issue. Users of PHP should upgrade to these updated packages, which contain backported fixes for these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21841
    published 2006-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21841
    title CentOS 3 / 4 : php (CESA-2005:564)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_0274A9F1075911DABC080001020EED82.NASL
    description Postnuke Security Announcementss reports of the following vulnerabilities : - missing input validation within /modules/Messages/readpmsg.php - possible path disclosure within /user.php - possible path disclosure within /modules/News/article.php - possible remote code injection within /includes/pnMod.php - possible cross-site-scripting in /index.php - remote code injection via xml rpc library
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 21379
    published 2006-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21379
    title FreeBSD : postnuke -- multiple vulnerabilities (0274a9f1-0759-11da-bc08-0001020eed82)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200507-06.NASL
    description The remote host is affected by the vulnerability described in GLSA-200507-06 (TikiWiki: Arbitrary command execution through XML-RPC) TikiWiki is vulnerable to arbitrary command execution as described in GLSA 200507-01. Impact : A remote attacker could exploit this vulnerability to execute arbitrary PHP code by sending specially crafted XML data. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 18647
    published 2005-07-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18647
    title GLSA-200507-06 : TikiWiki: Arbitrary command execution through XML-RPC
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_523FAD14EB9D11D9A8BD000CF18BBE54.NASL
    description GulfTech Security Research Team reports : PEAR XML_RPC is vulnerable to a very high risk php code injection vulnerability due to unsanatized data being passed into an eval() call.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 18933
    published 2005-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18933
    title FreeBSD : pear-XML_RPC -- arbitrary remote code execution (523fad14-eb9d-11d9-a8bd-000cf18bbe54)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-564.NASL
    description Updated PHP packages that fix two security issues are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A bug was discovered in the PEAR XML-RPC Server package included in PHP. If a PHP script is used which implements an XML-RPC Server using the PEAR XML-RPC package, then it is possible for a remote attacker to construct an XML-RPC request which can cause PHP to execute arbitrary PHP commands as the 'apache' user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1921 to this issue. When using the default SELinux 'targeted' policy on Red Hat Enterprise Linux 4, the impact of this issue is reduced since the scripts executed by PHP are constrained within the httpd_sys_script_t security context. A race condition in temporary file handling was discovered in the shtool script installed by PHP. If a third-party PHP module which uses shtool was compiled as root, a local user may be able to modify arbitrary files. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1751 to this issue. Users of PHP should upgrade to these updated packages, which contain backported fixes for these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 18648
    published 2005-07-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18648
    title RHEL 3 / 4 : php (RHSA-2005:564)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200507-08.NASL
    description The remote host is affected by the vulnerability described in GLSA-200507-08 (phpGroupWare, eGroupWare: PHP script injection vulnerability) The XML-RPC implementations of phpGroupWare and eGroupWare fail to sanitize input sent to the XML-RPC server using the 'POST' method. Impact : A remote attacker could exploit the XML-RPC vulnerability to execute arbitrary PHP script code by sending specially crafted XML data to the XML-RPC servers of phpGroupWare or eGroupWare. Workaround : There are no known workarounds at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 18666
    published 2005-07-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18666
    title GLSA-200507-08 : phpGroupWare, eGroupWare: PHP script injection vulnerability
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2005-192-01.NASL
    description New PHP packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix a security issue with the PEAR XML_RPC class that allows a remote attacker to run arbitrary PHP code. Sites that make use of this PHP library should upgrade to the new PHP package right away, or may instead upgrade the XML_RPC PEAR class with the following command: pear upgrade XML_RPC
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 18805
    published 2005-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18805
    title Slackware 10.0 / 10.1 / 8.1 / 9.0 / 9.1 / current : PHP (SSA:2005-192-01)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-747.NASL
    description A vulnerability has been identified in the xmlrpc library included in the egroupware package. This vulnerability could lead to the execution of arbitrary commands on the server running egroupware. The old stable distribution (woody) did not include egroupware.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 18662
    published 2005-07-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18662
    title Debian DSA-747-1 : egroupware - input validation error
  • NASL family CGI abuses
    NASL id PHPADSNEW_XMLRPC.NASL
    description The remote host appears to be running phpAdsNew, an open source ad server written in PHP. The version of phpAdsNew installed on the remote host allows attackers to execute arbitrary PHP code subject to the privileges of the web server user id due to a flaw in its bundled XML-RPC library.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 20180
    published 2005-11-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20180
    title phpAdsNew XML-RPC Library Remote Code Injection
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200507-07.NASL
    description The remote host is affected by the vulnerability described in GLSA-200507-07 (phpWebSite: Multiple vulnerabilities) phpWebSite fails to sanitize input sent to the XML-RPC server using the 'POST' method. Other unspecified vulnerabilities have been discovered by Diabolic Crab of Hackers Center. Impact : A remote attacker could exploit the XML-RPC vulnerability to execute arbitrary PHP script code by sending specially crafted XML data to phpWebSite. The undisclosed vulnerabilities do have an unknown impact. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 18656
    published 2005-07-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18656
    title GLSA-200507-07 : phpWebSite: Multiple vulnerabilities
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-109.NASL
    description A vulnerability was discovered by GulfTech Security in the PHP XML RPC project. This vulnerability is considered critical and can lead to remote code execution. The vulnerability also exists in the PEAR XMLRPC implementation. Mandriva ships with the PEAR XMLRPC implementation and it has been patched to correct this problem. It is advised that users examine the PHP applications they have installed on their servers for any applications that may come bundled with their own copies of the PEAR system and either patch RPC.php or use the system PEAR (found in /usr/share/pear). Updates have been released for some popular PHP applications such as WordPress and Serendipity and users are urged to take all precautions to protect their systems from attack and/or defacement by upgrading their applications from the authors of the respective applications.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 18597
    published 2005-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18597
    title Mandrake Linux Security Advisory : php-pear (MDKSA-2005:109)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2005-518.NASL
    description This update includes the PEAR XML_RPC 1.3.1 package, which fixes a security issue in the XML_RPC server implementation. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1921 to this issue. The bundled version of shtool is also updated, to fix some temporary file handling races. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1751 to this issue. Bug fixes for the dom, ldap, and gd extensions are also included in this update. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 18625
    published 2005-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18625
    title Fedora Core 4 : php-5.0.4-10.3 (2005-518)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_F241641EF5EA11D9A6DB000D608ED240.NASL
    description Kuba Zygmunt discovered a flaw in the input validation routines of Drupal's filter mechanism. An attacker could execute arbitrary PHP code on a target site when public comments or postings are allowed.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 19359
    published 2005-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19359
    title FreeBSD : drupal -- PHP code execution vulnerabilities (f241641e-f5ea-11d9-a6db-000d608ed240)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-745.NASL
    description Two input validation errors were discovered in drupal and its bundled xmlrpc module. These errors can lead to the execution of arbitrary commands on the web server running drupal. drupal was not included in the old stable distribution (woody).
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 18655
    published 2005-07-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18655
    title Debian DSA-745-1 : drupal - input validation errors
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-746.NASL
    description A vulnerability had been identified in the xmlrpc library included with phpgroupware, a web-based application including email, calendar and other groupware functionality. This vulnerability could lead to the execution of arbitrary commands on the server running phpgroupware. The security team is continuing to investigate the version of phpgroupware included with the old stable distribution (woody). At this time we recommend disabling phpgroupware or upgrading to the current stable distribution (sarge).
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 19195
    published 2005-07-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19195
    title Debian DSA-746-1 : phpgroupware - input validation error
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200507-15.NASL
    description The remote host is affected by the vulnerability described in GLSA-200507-15 (PHP: Script injection through XML-RPC) James Bercegay has discovered that the XML-RPC implementation in PHP fails to sanitize input passed in an XML document, which is used in an 'eval()' statement. Impact : A remote attacker could exploit the XML-RPC vulnerability to execute arbitrary PHP script code by sending specially crafted XML data to applications making use of this XML-RPC implementation. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 19211
    published 2005-07-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19211
    title GLSA-200507-15 : PHP: Script injection through XML-RPC
  • NASL family CGI abuses
    NASL id DRUPAL_XMLRPC.NASL
    description The version of Drupal running on the remote web server allows attackers to execute arbitrary PHP code due to a flaw in its bundled XML-RPC library.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 18640
    published 2005-07-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18640
    title Drupal XML-RPC for PHP Remote Code Injection
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200507-02.NASL
    description The remote host is affected by the vulnerability described in GLSA-200507-02 (WordPress: Multiple vulnerabilities) James Bercegay of the GulfTech Security Research Team discovered that WordPress insufficiently checks data passed to the XML-RPC server. He also discovered that WordPress has several cross-site scripting and full path disclosure vulnerabilities. Impact : An attacker could use the PHP script injection vulnerabilities to execute arbitrary PHP script commands. Furthermore the cross-site scripting vulnerabilities could be exploited to execute arbitrary script code in a user's browser session in context of a vulnerable site. Workaround : There are no known workarounds at this time.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 18606
    published 2005-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18606
    title GLSA-200507-02 : WordPress: Multiple vulnerabilities
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200507-01.NASL
    description The remote host is affected by the vulnerability described in GLSA-200507-01 (PEAR XML-RPC, phpxmlrpc: PHP script injection vulnerability) James Bercegay of GulfTech Security Research discovered that the PEAR XML-RPC and phpxmlrpc libraries fail to sanatize input sent using the 'POST' method. Impact : A remote attacker could exploit this vulnerability to execute arbitrary PHP script code by sending a specially crafted XML document to web applications making use of these libraries. Workaround : There are no known workarounds at this time.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 18605
    published 2005-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18605
    title GLSA-200507-01 : PEAR XML-RPC, phpxmlrpc: PHP script injection vulnerability
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-147-1.NASL
    description A remote code execution vulnerability has been discovered in the XMLRPC module of the PEAR (PHP Extension and Application Repository) extension of PHP. By sending specially crafted XMLRPC requests to an affected web server, a remote attacker could exploit this to execute arbitrary code with the web server's privileges. In Ubuntu 5.04 (Hoary Hedgehog), the PEAR extension is unsupported (it is contained in the php4-universe package which is part of universe). However, since this is a highly critical vulnerability, that package was fixed as well. Please note that many applications contain a copy of the affected XMLRPC code, which must be fixed separately. The following packages may also be affected, but are unsupported in Ubuntu : - drupal - wordpress - phpwiki - horde3 - ewiki - egroupware - phpgroupware These packages might be fixed by the community later. The following common third-party applications are affected as well, but not packaged for Ubuntu : - Serendipity - Postnuke - tikiwiki - phpwebsite If you run any affected software, please upgrade them as soon as possible to protect your server. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 20541
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20541
    title Ubuntu 4.10 / 5.04 : php4, php4-universe vulnerability (USN-147-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2005-517.NASL
    description This update includes the PEAR XML_RPC 1.3.1 package, which fixes a security issue in the XML_RPC server implementation. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1921 to this issue. The bundled version of shtool is also updated, to fix some temporary file handling races. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1751 to this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 18624
    published 2005-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18624
    title Fedora Core 3 : php-4.3.11-2.6 (2005-517)
  • NASL family CGI abuses
    NASL id SERENDIPITY_XMLRPC_CODE_INJECTION.NASL
    description The version of Serendipity installed on the remote host is prone to remote code execution due to a failure of its bundled XML-RPC library to sanitize user-supplied input to the 'serendipity_xmlrpc.php' script. This flaw may allow attackers to execute code remotely subject to the privileges of the web server userid.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 18600
    published 2005-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18600
    title Serendipity XML-RPC for PHP Remote Code Injection
oval via4
  • accepted 2013-04-29T04:12:58.707-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    description Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.
    family unix
    id oval:org.mitre.oval:def:11294
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.
    version 23
  • accepted 2005-09-21T01:33:00.000-04:00
    class vulnerability
    contributors
    name Jay Beale
    organization Bastille Linux
    description Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.
    family unix
    id oval:org.mitre.oval:def:350
    status accepted
    submitted 2005-07-19T12:00:00.000-04:00
    title PEAR XML_RPC PHP Code Execution Vulnerability
    version 4
packetstorm via4
data source https://packetstormsecurity.com/files/download/82366/php_xmlrpc_eval.rb.txt
id PACKETSTORM:82366
last seen 2016-12-05
published 2009-10-30
reporter H D Moore
source https://packetstormsecurity.com/files/82366/PHP-XML-RPC-Arbitrary-Code-Execution.html
title PHP XML-RPC Arbitrary Code Execution
redhat via4
advisories
rhsa
id RHSA-2005:564
refmap via4
bid 14088
bugtraq
  • 20050629 Advisory 02/2005: Remote code execution in Serendipity
  • 20050629 [DRUPAL-SA-2005-003] Drupal 4.6.2 / 4.5.4 fixes critical XML-RPC issue
confirm
debian
  • DSA-745
  • DSA-746
  • DSA-747
  • DSA-789
gentoo
  • GLSA-200507-01
  • GLSA-200507-06
  • GLSA-200507-07
hp
  • HPSBTU02083
  • SSRT051069
mandrake MDKSA-2005:109
misc
sectrack 1015336
secunia
  • 15810
  • 15852
  • 15855
  • 15861
  • 15872
  • 15883
  • 15884
  • 15895
  • 15903
  • 15904
  • 15916
  • 15917
  • 15922
  • 15944
  • 15947
  • 15957
  • 16001
  • 16339
  • 16693
  • 17440
  • 17674
  • 18003
suse
  • SUSE-SA:2005:041
  • SUSE-SA:2005:049
  • SUSE-SA:2005:051
  • SUSE-SR:2005:018
vupen ADV-2005-2827
Last major update 17-10-2016 - 23:23
Published 05-07-2005 - 00:00
Last modified 19-10-2018 - 11:32
Back to Top