Published: 05/07/2005 Updated: 18/10/2016

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Unknown vulnerability in Drupal 4.5.0 up to and including 4.5.3, 4.6.0, and 4.6.1 allows remote malicious users to execute arbitrary PHP code via a public comment or posting.

Vulnerable Product	Search on Vulmon	Subscribe to Product
drupal drupal 4.5.3
drupal drupal 4.6.0
drupal drupal 4.6.1
drupal drupal 4.5.0
drupal drupal 4.5.1
drupal drupal 4.5.2

Two input validation errors were discovered in drupal and its bundled xmlrpc module These errors can lead to the execution of arbitrary commands on the web server running drupal drupal was not included in the old stable distribution (woody) For the current stable distribution (sarge), these problems have been fixed in version 453-3 For the u ...

#!/usr/bin/perl # Mon Jul 4 18:19:35 CEST 2005 dab@digitalsecnet # # DRUPAL-SA-2005-002 php injection in comments (yes, its lame) # Hax0r code here, read before execute # # Run without arguments to show the help # # BLINK! BLINK! BLINK! BLINK! # # Feel free to port to another stupid script language (mIRC, # python, TCL or orthers), and send to s ...

NVD-CWE-Other http://secunia.com/advisories/15872 http://www.drupal.org/security/drupal-sa-2005-002/advisory.txt http://www.debian.org/security/2005/dsa-745 http://www.securityfocus.com/bid/14110 http://marc.info/?l=bugtraq&m=112015287827452&w=2 https://nvd.nist.gov https://www.debian.org/security/./dsa-745 https://www.exploit-db.com/exploits/1088/

CVE-2005-2106

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect