Rapid7 Vulnerability & Exploit Database

Gentoo Linux: CVE-2005-2498: PEAR XML-RPC, phpxmlrpc: New PHP script injection vulnerability


Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published: 08/15/2005
Created: 07/25/2018
Added: 10/30/2017
Modified: 06/15/2020

Description

Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921.

Solution(s)

  • gentoo-linux-upgrade-dev-php-mod_php
  • gentoo-linux-upgrade-dev-php-pear-xml_rpc
  • gentoo-linux-upgrade-dev-php-php
  • gentoo-linux-upgrade-dev-php-php-cgi
  • gentoo-linux-upgrade-dev-php-phpxmlrpc
  • gentoo-linux-upgrade-www-apps-egroupware
  • gentoo-linux-upgrade-www-apps-phpgroupware
  • gentoo-linux-upgrade-www-apps-phpwebsite
  • gentoo-linux-upgrade-www-apps-phpwiki
  • gentoo-linux-upgrade-www-apps-tikiwiki
