Vulnerability Details : CVE-2005-1921
Public exploit exists!
Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.
Products affected by CVE-2005-1921
- cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:xml_rpc:*:*:*:*:*:pear:*:*
- cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
- cpe:2.3:a:tiki:tikiwiki_cms\/groupware:*:*:*:*:*:*:*:*
- cpe:2.3:a:gggeek:phpxmlrpc:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2005-1921
EPSS score: 95.03% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~99% (the proportion of vulnerabilities that are scored at or less)
Metasploit modules for CVE-2005-1921
- PHP XML-RPC Arbitrary Code Execution (exploit/unix/webapp/php_xmlrpc_eval)
  Disclosure Date: 2005-06-29. First seen: 2020-04-26.
  This module exploits an arbitrary code execution flaw discovered in many implementations of the PHP XML-RPC module. This flaw is exploitable through a number of PHP web applications, including but not limited to Drupal, Wordpress, Postnuke, and TikiWiki.
CVSS scores for CVE-2005-1921
Base Score | Base Severity | CVSS Vector (v2) | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST |
CWE ids for CVE-2005-1921
- The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
  Assigned by: nvd@nist.gov (Primary)
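The vulnerability description and the CWE text above summarise the same mechanism: request text is copied into a PHP source string that is then handed to eval, so a quote in the XML ends the literal and the rest of the element is parsed as code. The PHP below is an added, constructed illustration of that pattern next to the hardened alternative. It is not the xmlrpc.inc or PEAR XML_RPC code; the function names, the struct-only decoding, the marker variable and the payload are assumptions made for the example.

```php
<?php
// Added illustration of the CWE-94 eval-injection pattern behind CVE-2005-1921.
// Constructed example code, not the xmlrpc.inc / PEAR XML_RPC source: the real
// parser differed in detail but shared the shape shown here (XML text copied
// into a PHP source string, then eval'd). Names and payload are assumptions.

// Vulnerable form: decode a <struct> by generating PHP source and eval-ing it.
function decode_struct_vulnerable(string $xml): array
{
    $doc = new SimpleXMLElement($xml);
    $src = '$val = array(';
    foreach ($doc->xpath('//struct/member') as $member) {
        $name  = (string) $member->name;
        $value = (string) $member->value->string;
        // Request text is spliced into a PHP string literal without escaping,
        // so a single quote in <name> or <string> ends the literal and
        // everything after it is compiled as PHP code.
        $src .= "'" . $name . "' => '" . $value . "', ";
    }
    $src .= ');';
    eval($src);          // executes attacker-controlled source
    return $val;
}

// Hardened form: build the value directly from the parsed tree. No PHP source
// is generated from request data, so there is no string boundary to break out of.
function decode_struct_hardened(string $xml): array
{
    $doc = new SimpleXMLElement($xml);
    $val = [];
    foreach ($doc->xpath('//struct/member') as $member) {
        $val[(string) $member->name] = (string) $member->value->string;
    }
    return $val;
}

// Constructed benign request.
$benign = <<<'XML'
<?xml version="1.0"?>
<methodCall>
  <methodName>demo.echo</methodName>
  <params><param><value><struct>
    <member><name>user</name><value><string>alice</string></value></member>
  </struct></value></param></params>
</methodCall>
XML;

// Constructed hostile request. The <name> text closes the quoted literal and
// the array(), runs an injected statement, then reopens "$val = array('" so the
// generated source still parses. The injected statement only sets a marker here.
$hostile = <<<'XML'
<?xml version="1.0"?>
<methodCall>
  <methodName>demo.echo</methodName>
  <params><param><value><struct>
    <member>
      <name>x' => 1); $GLOBALS['injected'] = 'code ran'; $val = array('y</name>
      <value><string>z</string></value>
    </member>
  </struct></value></param></params>
</methodCall>
XML;

print_r(decode_struct_vulnerable($benign));
print_r(decode_struct_vulnerable($hostile));
echo "marker after vulnerable decode: " . ($GLOBALS['injected'] ?? 'not set') . "\n";

unset($GLOBALS['injected']);
print_r(decode_struct_hardened($hostile));
echo "marker after hardened decode: " . ($GLOBALS['injected'] ?? 'not set') . "\n";
```

Run with PHP 7 or later: the marker is set only after the vulnerable decode, while the hardened decoder returns the hostile <name> as ordinary data. Escaping the quotes would narrow the hole but leave eval in the data path; removing the source-generation step closes it, which is why the safe pattern is to construct values from the parsed tree rather than from text.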
References for CVE-2005-1921
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:109
  Advisories - Mandriva Linux [Patch; Third Party Advisory; Vendor Advisory]
- http://secunia.com/advisories/15957
  Secunia Advisory 15957 [Broken Link]
- http://www.debian.org/security/2005/dsa-746
  [SECURITY] [DSA 746-1] New packages fix remote command execution in phpgroupware [Mailing List; Third Party Advisory]
- http://www.novell.com/linux/security/advisories/2005_18_sr.html
  [Broken Link]
- http://secunia.com/advisories/15810
  Secunia Advisory 15810 [Broken Link]
- http://secunia.com/advisories/15922
  Secunia Advisory 15922 [Broken Link]
- http://security.gentoo.org/glsa/glsa-200507-07.xml
  phpWebSite: Multiple vulnerabilities (GLSA 200507-07) [Third Party Advisory]
- http://www.securityfocus.com/bid/14088
  XML-RPC for PHP Remote Code Injection Vulnerability [Broken Link; Third Party Advisory; VDB Entry]
- http://secunia.com/advisories/15883
  Secunia Advisory 15883 [Broken Link]
- http://security.gentoo.org/glsa/glsa-200507-01.xml
  PEAR XML-RPC, phpxmlrpc: PHP script injection vulnerability (GLSA 200507-01) [Third Party Advisory]
- http://secunia.com/advisories/15872
  Secunia Advisory 15872 [Broken Link]
- http://www.debian.org/security/2005/dsa-745
  [SECURITY] [DSA 745-1] New drupal package fixes multiple vulnerabilities [Mailing List; Third Party Advisory]
- http://www.redhat.com/support/errata/RHSA-2005-564.html
  [Broken Link]
- http://marc.info/?l=bugtraq&m=112008638320145&w=2
  'Advisory 02/2005: Remote code execution in Serendipity' - MARC [Third Party Advisory]
- http://secunia.com/advisories/15917
  Secunia Advisory 15917 [Broken Link]
- http://www.securityfocus.com/archive/1/419064/100/0/threaded
  [Broken Link; Third Party Advisory; VDB Entry]
- http://securitytracker.com/id?1015336
  [Broken Link; Third Party Advisory; VDB Entry]
- http://secunia.com/advisories/15884
  Secunia Advisory 15884 [Broken Link]
- http://www.gulftech.org/?node=research&article_id=00087-07012005
  [Not Applicable; Vendor Advisory]
- http://secunia.com/advisories/15903
  Secunia Advisory 15903 [Broken Link]
- http://secunia.com/advisories/18003
  Secunia Advisory 18003 [Broken Link]
- http://secunia.com/advisories/15852
  Secunia Advisory 15852 [Broken Link]
- http://security.gentoo.org/glsa/glsa-200507-06.xml
  TikiWiki: Arbitrary command execution through XML-RPC (GLSA 200507-06) [Third Party Advisory]
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11294
  [Broken Link]
- http://www.novell.com/linux/security/advisories/2005_49_php.html
  [Broken Link]
- http://secunia.com/advisories/16693
  Secunia Advisory 16693 [Broken Link]
- http://www.debian.org/security/2005/dsa-789
  [SECURITY] [DSA 789-1] New PHP 4 packages fix several vulnerabilities [Mailing List; Third Party Advisory]
- http://www.ampache.org/announce/3_3_1_2.php
  Ampache - Music Streaming Server [Broken Link]
- http://secunia.com/advisories/17674
  Secunia Advisory 17674 [Broken Link]
- http://marc.info/?l=bugtraq&m=112015336720867&w=2
  '[DRUPAL-SA-2005-003] Drupal 4.6.2 / 4.5.4 fixes critical XML-RPC issue' - MARC [Third Party Advisory]
- http://www.novell.com/linux/security/advisories/2005_41_php_pear.html
  [Broken Link]
- http://secunia.com/advisories/15947
  Secunia Advisory 15947 [Broken Link]
- http://secunia.com/advisories/15916
  Secunia Advisory 15916 [Broken Link]
- http://sourceforge.net/project/showfiles.php?group_id=87163
  MailWatch for MailScanner - Browse Files at SourceForge.net [Product]
- http://secunia.com/advisories/15904
  Secunia Advisory 15904 [Broken Link]
- http://marc.info/?l=bugtraq&m=112605112027335&w=2
  'SUSE Security Announcement: php4, php5 remote code execution' - MARC [Third Party Advisory]
- http://www.drupal.org/security/drupal-sa-2005-003/advisory.txt
  Security advisories | Drupal.org [Third Party Advisory]
- http://secunia.com/advisories/15861
  Secunia Advisory 15861 [Broken Link]
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A350
  [Broken Link]
- http://www.vupen.com/english/advisories/2005/2827
  [Broken Link]
- http://secunia.com/advisories/17440
  Secunia Advisory 17440 [Broken Link]
- http://secunia.com/advisories/16001
  Secunia Advisory 16001 [Broken Link]
- http://secunia.com/advisories/16339
  Secunia Advisory 16339 [Broken Link]
- http://pear.php.net/package/XML_RPC/download/1.3.1
  XML_RPC :: 1.3.1 [Patch; Product]
- http://sourceforge.net/project/shownotes.php?release_id=338803
  [Broken Link]
- http://www.hardened-php.net/advisory-022005.php
  Hardened PHP - Hardened-PHP [Not Applicable]
- http://secunia.com/advisories/15944
  Secunia Advisory 15944 [Broken Link]
- http://secunia.com/advisories/15895
  Secunia Advisory 15895 [Broken Link]
- http://secunia.com/advisories/15855
  Secunia Advisory 15855 [Broken Link]
- http://www.debian.org/security/2005/dsa-747
  [SECURITY] [DSA 747-1] New egroupware packages fix remote command execution [Mailing List; Third Party Advisory]