Home > Vulnerability Database > CVE-2005-1921

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2005-1921

Date: July 4, 2005

Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.

Severity Score

7.3

Related Resources (53)

Url: http://www.debian.org/security/2005/dsa-789

Url: http://www.debian.org/security/2005/dsa-745

Url: http://secunia.com/advisories/15855

Url: https://nvd.nist.gov/vuln/detail/CVE-2005-1921

Url: http://www.debian.org/security/2005/dsa-747

Url: http://www.debian.org/security/2005/dsa-746

Url: http://secunia.com/advisories/15895

Url: http://secunia.com/advisories/15852

Url: http://secunia.com/advisories/15810

Url: http://secunia.com/advisories/17674

Url: http://secunia.com/advisories/18003

Url: http://secunia.com/advisories/17440

Url: http://www.ampache.org/announce/3_3_1_2.php

Url: http://security.gentoo.org/glsa/glsa-200507-01.xml

Url: http://secunia.com/advisories/15947

Url: http://www.vupen.com/english/advisories/2005/2827

Url: http://www.hardened-php.net/advisory-022005.php

Url: http://secunia.com/advisories/15903

Url: http://secunia.com/advisories/15904

Url: http://secunia.com/advisories/15944

Url: http://sourceforge.net/project/shownotes.php?release_id=338803

Url: http://www.securityfocus.com/bid/14088

Url: http://marc.info/?l=bugtraq&m=112008638320145&w=2

Url: http://securitytracker.com/id?1015336

Url: http://www.securityfocus.com/archive/1/419064/100/0/threaded

Url: http://www.novell.com/linux/security/advisories/2005_41_php_pear.html

Url: http://secunia.com/advisories/15861

Url: http://www.redhat.com/support/errata/RHSA-2005-564.html

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2005-1921

Url: http://marc.info/?l=bugtraq&m=112605112027335&w=2

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A350

Url: http://secunia.com/advisories/15916

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11294

Url: http://secunia.com/advisories/15917

Url: http://www.novell.com/linux/security/advisories/2005_49_php.html

Url: http://secunia.com/advisories/15957

Url: http://security.gentoo.org/glsa/glsa-200507-06.xml

Url: http://secunia.com/advisories/16001

Url: http://secunia.com/advisories/15872

Url: http://www.gulftech.org/?node=research&article_id=00087-07012005

Url: http://secunia.com/advisories/16693

Url: http://www.drupal.org/security/drupal-sa-2005-003/advisory.txt

Url: http://pear.php.net/package/XML_RPC/download/1.3.1

Url: http://www.novell.com/linux/security/advisories/2005_18_sr.html

Url: http://secunia.com/advisories/15922

Url: http://secunia.com/advisories/16339

Url: http://secunia.com/advisories/15884

Url: http://marc.info/?l=bugtraq&m=112015336720867&w=2

Url: http://secunia.com/advisories/15883

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2005:109

Url: http://sourceforge.net/project/showfiles.php?group_id=87163

Url: http://security.gentoo.org/glsa/glsa-200507-07.xml

Url: https://www.mend.io/vulnerability-database/CVE-2005-1921

Severity Score

7.3

Weakness Type (CWE)

Code Injection

CWE-94

CVSS v3.1

Base Score:	7.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	7.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Do you need more information?

Contact Us