Home > Vulnerability Database > CVE-2005-2498

Mend.io Vulnerability Database

CVE-2005-2498

Date: August 14, 2005

Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921.

Severity Score

5.3

Related Resources (36)

Url: http://www.debian.org/security/2005/dsa-840

Url: http://www.debian.org/security/2005/dsa-842

Url: http://www.novell.com/linux/security/advisories/2005_49_php.html

Url: http://www.debian.org/security/2005/dsa-789

Url: http://www.securityfocus.com/archive/1/408125

Url: http://secunia.com/advisories/16468

Url: http://secunia.com/advisories/16469

Url: http://www.fedoralegacy.org/updates/FC2/2005-11-28-FLSA_2005_166943__Updated_php_packages_fix_security_issues.html

Url: http://secunia.com/advisories/16563

Url: http://secunia.com/advisories/16441

Url: http://secunia.com/advisories/16465

Url: http://secunia.com/advisories/16693

Url: http://secunia.com/advisories/16550

Url: http://secunia.com/advisories/17066

Url: http://secunia.com/advisories/17440

Url: http://secunia.com/advisories/16491

Url: https://nvd.nist.gov/vuln/detail/CVE-2005-2498

Url: http://secunia.com/advisories/16619

Url: http://www.debian.org/security/2005/dsa-798

Url: http://www.securityfocus.com/bid/14560

Url: http://secunia.com/advisories/16558

Url: http://secunia.com/advisories/16976

Url: http://secunia.com/advisories/16635

Url: http://secunia.com/advisories/16431

Url: http://www.gentoo.org/security/en/glsa/glsa-200509-19.xml

Url: http://www.hardened-php.net/advisory_152005.67.html

Url: http://secunia.com/advisories/16432

Url: http://secunia.com/advisories/16460

Url: http://secunia.com/advisories/17053

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9569

Url: http://marc.info/?l=bugtraq&m=112431497300344&w=2

Url: http://marc.info/?l=bugtraq&m=112412415822890&w=2

Url: http://marc.info/?l=bugtraq&m=112605112027335&w=2

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2005-2498

Url: http://www.redhat.com/support/errata/RHSA-2005-748.html

Url: https://www.mend.io/vulnerability-database/CVE-2005-2498

Severity Score

5.3

Weakness Type (CWE)

Improper Control of Generation of Code ('Code Injection')

CWE-94

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	7.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2005-2498

Date: August 14, 2005

Severity Score

Related Resources (36)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?