Rapid7 Vulnerability & Exploit Database

FreeBSD: pear-XML_RPC -- remote PHP code injection vulnerability (CVE-2005-2498)

Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published: 08/15/2005
Created: 07/25/2018
Added: 05/08/2014
Modified: 02/21/2017

Description

Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921.

Solution(s)

  • freebsd-upgrade-package-b2evolution
  • freebsd-upgrade-package-drupal
  • freebsd-upgrade-package-egroupware
  • freebsd-upgrade-package-pear-xml_rpc
  • freebsd-upgrade-package-phpadsnew
  • freebsd-upgrade-package-phpgroupware
  • freebsd-upgrade-package-phpmyfaq
