CVE-2005-1921

Published: 05/07/2005 Updated: 14/02/2024
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 775
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Eval injection vulnerability in PEAR XML_RPC 1.3.0 and previous versions (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and previous versions, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote malicious users to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.

Vulnerable Products

php xml rpc
gggeek phpxmlrpc
drupal drupal
tiki tikiwiki cms/groupware
debian debian linux 3.1

Vendor Advisories

Synopsis: php security update. Type/Severity: Security Advisory: Important. Topic: Updated PHP packages that fix two security issues are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Description: PHP is an HTML-embedded scriptin ...
A remote code execution vulnerability has been discovered in the XMLRPC module of the PEAR (PHP Extension and Application Repository) extension of PHP. By sending specially crafted XMLRPC requests to an affected web server, a remote attacker could exploit this to execute arbitrary code with the web server's privileges ...
A vulnerability has been identified in the xmlrpc library included in the egroupware package. This vulnerability could lead to the execution of arbitrary commands on the server running egroupware. The old stable distribution (woody) did not include egroupware. For the current stable distribution (sarge), this problem is fixed in version 1.0.0.007-2 ...
Two input validation errors were discovered in drupal and its bundled xmlrpc module. These errors can lead to the execution of arbitrary commands on the web server running drupal. drupal was not included in the old stable distribution (woody). For the current stable distribution (sarge), these problems have been fixed in version 4.5.3-3. For the u ...

Exploits

## # $Id: php_xmlrpc_eval.rb 9929 2010-07-25 21:37:54Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. # http://metasploit.com/framework/ ## require 'msf/core' class ...
# tested and working /str0ke #!/usr/bin/perl # # ilo-- # # This program is no GPL or has nothing to do with FSF, but some # code was ripped from romansoft, sorry, too lazy! # # xmlrpc bug by James from GulfTech Security Research # http://pear.php.net/bugs/bug.php?id=4692 # xmlrpc drupal exploit, but James says xoops, phpnuke and other ...
PHPXMLRPC Remote Code Execution. Vendor: Useful Information Inc. Product: PHPXMLRPC. Version: <= 1.1. Website: http://phpxmlrpc.sourceforge.net/ BID: 14088 CVE: CVE-2005-1921 OSVDB: 17793 SECUNIA: 15852 PACKETSTORM: 38394 Description: PHPXMLRPC aka XML-RPC For PHP is a PHP implementation of the XML-RPC web RPC protocol, and was originally d ...
#!/usr/bin/perl -w # ******************************************************** # XML-RPC Remote Command Execution Exploit By Mike Rifone # ******************************************************** # This works on da phpxmlrpc, and da PEAR XML_RPC too! All # you need is to put the url to the server and u get shell # Dis is my first exploit but hey it ...

References

CWE-94
http://pear.php.net/package/XML_RPC/download/1.3.1
http://www.gulftech.org/?node=research&article_id=00087-07012005
http://www.hardened-php.net/advisory-022005.php
http://www.mandriva.com/security/advisories?name=MDKSA-2005:109
http://sourceforge.net/project/shownotes.php?release_id=338803
http://www.debian.org/security/2005/dsa-745
http://www.debian.org/security/2005/dsa-747
http://security.gentoo.org/glsa/glsa-200507-01.xml
http://security.gentoo.org/glsa/glsa-200507-06.xml
http://security.gentoo.org/glsa/glsa-200507-07.xml
http://www.drupal.org/security/drupal-sa-2005-003/advisory.txt
http://sourceforge.net/project/showfiles.php?group_id=87163
http://www.ampache.org/announce/3_3_1_2.php
http://secunia.com/advisories/15852
http://secunia.com/advisories/15872
http://secunia.com/advisories/15944
http://secunia.com/advisories/15947
http://secunia.com/advisories/15957
http://secunia.com/advisories/16001
http://www.debian.org/security/2005/dsa-789
http://www.securityfocus.com/bid/14088
http://securitytracker.com/id?1015336
http://secunia.com/advisories/18003
http://secunia.com/advisories/15810
http://secunia.com/advisories/15855
http://secunia.com/advisories/15861
http://secunia.com/advisories/15883
http://secunia.com/advisories/15884
http://secunia.com/advisories/15895
http://secunia.com/advisories/15903
http://secunia.com/advisories/15904
http://secunia.com/advisories/15916
http://secunia.com/advisories/15917
http://secunia.com/advisories/15922
http://secunia.com/advisories/16339
http://secunia.com/advisories/16693
http://secunia.com/advisories/17440
http://secunia.com/advisories/17674
http://www.debian.org/security/2005/dsa-746
http://www.redhat.com/support/errata/RHSA-2005-564.html
http://www.novell.com/linux/security/advisories/2005_41_php_pear.html
http://www.novell.com/linux/security/advisories/2005_49_php.html
http://www.novell.com/linux/security/advisories/2005_18_sr.html
http://www.vupen.com/english/advisories/2005/2827
http://marc.info/?l=bugtraq&m=112008638320145&w=2
http://marc.info/?l=bugtraq&m=112015336720867&w=2
http://marc.info/?l=bugtraq&m=112605112027335&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A350
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11294
http://www.securityfocus.com/archive/1/419064/100/0/threaded
https://access.redhat.com/errata/RHSA-2005:564
https://usn.ubuntu.com/147-1/
https://nvd.nist.gov
https://www.exploit-db.com/exploits/16882/
https://www.kb.cert.org/vuls/id/442845