CVE-2005-1921

Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://marc.info/?l=bugtraq&m=112008638320145&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=112015336720867&w=2	Third Party Advisory
http://marc.info/?l=bugtraq&m=112605112027335&w=2	Third Party Advisory
http://pear.php.net/package/XML_RPC/download/1.3.1	Patch Product
http://secunia.com/advisories/15810	Broken Link
http://secunia.com/advisories/15852	Broken Link
http://secunia.com/advisories/15855	Broken Link
http://secunia.com/advisories/15861	Broken Link
http://secunia.com/advisories/15872	Broken Link
http://secunia.com/advisories/15883	Broken Link
http://secunia.com/advisories/15884	Broken Link
http://secunia.com/advisories/15895	Broken Link
http://secunia.com/advisories/15903	Broken Link
http://secunia.com/advisories/15904	Broken Link
http://secunia.com/advisories/15916	Broken Link
http://secunia.com/advisories/15917	Broken Link
http://secunia.com/advisories/15922	Broken Link
http://secunia.com/advisories/15944	Broken Link
http://secunia.com/advisories/15947	Broken Link
http://secunia.com/advisories/15957	Broken Link
http://secunia.com/advisories/16001	Broken Link
http://secunia.com/advisories/16339	Broken Link
http://secunia.com/advisories/16693	Broken Link
http://secunia.com/advisories/17440	Broken Link
http://secunia.com/advisories/17674	Broken Link
http://secunia.com/advisories/18003	Broken Link
http://security.gentoo.org/glsa/glsa-200507-01.xml	Third Party Advisory
http://security.gentoo.org/glsa/glsa-200507-06.xml	Third Party Advisory
http://security.gentoo.org/glsa/glsa-200507-07.xml	Third Party Advisory
http://securitytracker.com/id?1015336	Broken Link Third Party Advisory VDB Entry
http://sourceforge.net/project/showfiles.php?group_id=87163	Product
http://sourceforge.net/project/shownotes.php?release_id=338803	Broken Link
http://www.ampache.org/announce/3_3_1_2.php	Broken Link
http://www.debian.org/security/2005/dsa-745	Mailing List Third Party Advisory
http://www.debian.org/security/2005/dsa-746	Mailing List Third Party Advisory
http://www.debian.org/security/2005/dsa-747	Mailing List Third Party Advisory
http://www.debian.org/security/2005/dsa-789	Mailing List Third Party Advisory
http://www.drupal.org/security/drupal-sa-2005-003/advisory.txt	Third Party Advisory
http://www.gulftech.org/?node=research&article_id=00087-07012005	Not Applicable Vendor Advisory
http://www.hardened-php.net/advisory-022005.php	Not Applicable
http://www.mandriva.com/security/advisories?name=MDKSA-2005:109	Patch Third Party Advisory Vendor Advisory
http://www.novell.com/linux/security/advisories/2005_18_sr.html	Broken Link
http://www.novell.com/linux/security/advisories/2005_41_php_pear.html	Broken Link
http://www.novell.com/linux/security/advisories/2005_49_php.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2005-564.html	Broken Link
http://www.securityfocus.com/archive/1/419064/100/0/threaded	Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/14088	Broken Link Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2005/2827	Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11294	Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A350	Broken Link

Configurations

Configuration 1 (hide)

cpe:2.3:a:php:xml_rpc:*:*:*:*:*:pear:*:*

Configuration 2 (hide)

cpe:2.3:a:gggeek:phpxmlrpc:*:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:a:drupal:drupal::::::::
	cpe:2.3:a:drupal:drupal::::::::

Configuration 4 (hide)

cpe:2.3:a:tiki:tikiwiki_cms\/groupware:*:*:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2005-07-05 04:00

Updated : 2024-02-14 15:41

NVD link : CVE-2005-1921

Mitre link : CVE-2005-1921

CVE.ORG link : CVE-2005-1921

JSON object : View

Products Affected

php

xml_rpc

gggeek

phpxmlrpc

drupal

drupal

tiki

tikiwiki_cms\/groupware

debian

debian_linux

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2005-1921", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2005-07-05T04:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=112008638320145&w=2", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://marc.info/?l=bugtraq&m=112015336720867&w=2", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://marc.info/?l=bugtraq&m=112605112027335&w=2", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://pear.php.net/package/XML_RPC/download/1.3.1", "tags": ["Patch", "Product"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/15810", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/15852", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/15855", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/15861", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/15872", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/15883", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/15884", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/15895", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/15903", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/15904", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/15916", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/15917", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/15922", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/15944", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/15947", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/15957", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/16001", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/16339", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/16693", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/17440", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/17674", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/18003", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://security.gentoo.org/glsa/glsa-200507-01.xml", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://security.gentoo.org/glsa/glsa-200507-06.xml", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://security.gentoo.org/glsa/glsa-200507-07.xml", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://securitytracker.com/id?1015336", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://sourceforge.net/project/showfiles.php?group_id=87163", "tags": ["Product"], "source": "secalert@redhat.com"}, {"url": "http://sourceforge.net/project/shownotes.php?release_id=338803", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://www.ampache.org/announce/3_3_1_2.php", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2005/dsa-745", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2005/dsa-746", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2005/dsa-747", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2005/dsa-789", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.drupal.org/security/drupal-sa-2005-003/advisory.txt", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.gulftech.org/?node=research&article_id=00087-07012005", "tags": ["Not Applicable", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.hardened-php.net/advisory-022005.php", "tags": ["Not Applicable"], "source": "secalert@redhat.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:109", "tags": ["Patch", "Third Party Advisory", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.novell.com/linux/security/advisories/2005_18_sr.html", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://www.novell.com/linux/security/advisories/2005_41_php_pear.html", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://www.novell.com/linux/security/advisories/2005_49_php.html", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://www.redhat.com/support/errata/RHSA-2005-564.html", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/archive/1/419064/100/0/threaded", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/14088", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2005/2827", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11294", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A350", "tags": ["Broken Link"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement."}], "lastModified": "2024-02-14T15:41:53.093", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:php:xml_rpc:*:*:*:*:*:pear:*:*", "vulnerable": true, "matchCriteriaId": "DF9FF982-2BF4-49ED-82F8-C8F8327D2EF3", "versionEndIncluding": "1.3.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gggeek:phpxmlrpc:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83956BC5-8694-4C4B-92C4-D3C960980F66", "versionEndIncluding": "1.1"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00201099-3C07-44F0-880B-CE2AE77EE171", "versionEndExcluding": "4.5.4"}, {"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C248ACE-86AF-40FF-8B8F-FE1879E54FF2", "versionEndExcluding": "4.6.2", "versionStartIncluding": "4.6.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "363E6E27-87B4-4271-B374-B176DE9E5D56", "versionEndExcluding": "1.8.5"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}

7.5 /10