CVE-2006-1032 - Eval injection vulnerability in the decode function in rpc_decoder.php for phpRPC 0.7 and earlier, a

CVE-2006-1032

Summary

Eval injection vulnerability in the decode function in rpc_decoder.php for phpRPC 0.7 and earlier, as used by runcms, exoops, and possibly other programs, allows remote attackers to execute arbitrary PHP code via the base64 tag.

References

Vulnerable Configurations

cpe:2.3:a:phprpc:phprpc:0.7:*:*:*:*:*:*:*
cpe:2.3:a:phprpc:phprpc:0.7:*:*:*:*:*:*:*
cpe:2.3:a:phprpc:phprpc:0.8:*:*:*:*:*:*:*
cpe:2.3:a:phprpc:phprpc:0.8:*:*:*:*:*:*:*
cpe:2.3:a:phprpc:phprpc:0.9:*:*:*:*:*:*:*
cpe:2.3:a:phprpc:phprpc:0.9:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 08-03-2011 - 02:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	16833
bugtraq	20060226 phpRPC Library Remote Code Execution
misc	http://www.gulftech.org/?node=research&article_id=00105-02262006
sectrack	1015691
secunia	19028 19058
sreason	502
vupen	ADV-2006-0745

saint via4

bid	16833
description	phpRPC decode function command execution
id	web_prog_php_phprpc
osvdb	23514
title	phprpc_decode
type	remote

Last major update

08-03-2011 - 02:31

Published

07-03-2006 - 11:02

Last modified

08-03-2011 - 02:31