HIGH · 7.5

CVE-2005-1921

Vulnerability Description

Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.

CVSS Score

7.5 HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Affected Products

Vendor | Product | Versions
Php | Xml Rpc | <= 1.3.0
Gggeek | Phpxmlrpc | <= 1.1
Drupal | Drupal | < 4.5.4
Tiki | Tikiwiki Cms/Groupware | < 1.8.5
Debian | Debian Linux | 3.1

Related Weaknesses (CWE)

References

FAQ

What is CVE-2005-1921?

CVE-2005-1921 is a vulnerability with a CVSS score of 7.5 (HIGH). Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2)...

How severe is CVE-2005-1921?

CVE-2005-1921 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2005-1921?

Check the references section above for vendor advisories and patch information. Affected products include: Php Xml Rpc, Gggeek Phpxmlrpc, Drupal Drupal, Tiki Tikiwiki Cms/Groupware, Debian Debian Linux.