Vulnerability Details : CVE-2005-2498
Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921.
Products affected by CVE-2005-2498
- cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:gggeek:phpxmlrpc:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2005-2498
- EPSS score: 3.59% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~91% (the proportion of vulnerabilities scored at or below this score)
CVSS scores for CVE-2005-2498
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N | 10.0 | 2.9 | NIST |
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | 2024-02-14
CWE ids for CVE-2005-2498
- CWE-94: The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize, or incorrectly neutralizes, special elements that could modify the syntax or behavior of the intended code segment. (Assigned by: nvd@nist.gov, Primary)
References for CVE-2005-2498 (each entry lists the URL, the linked page's title where one was recorded, and the NVD reference tags)
- http://secunia.com/advisories/16558 (Broken Link)
- http://secunia.com/advisories/16460 (Broken Link)
- http://marc.info/?l=bugtraq&m=112412415822890&w=2 - '[DRUPAL-SA-2005-004] Drupal 4.6.3 / 4.5.5 fixes critical XML-RPC issue' - MARC (Third Party Advisory)
- http://secunia.com/advisories/17066 (Broken Link)
- http://secunia.com/advisories/16635 (Broken Link)
- http://secunia.com/advisories/16469 (Broken Link)
- http://www.redhat.com/support/errata/RHSA-2005-748.html (Broken Link)
- http://www.debian.org/security/2005/dsa-842 - [SECURITY] [DSA 842-1] New egroupware packages fix arbitrary code execution (Mailing List; Third Party Advisory)
- http://secunia.com/advisories/16441 (Broken Link)
- http://www.securityfocus.com/archive/1/408125 (Broken Link; Third Party Advisory; VDB Entry)
- http://secunia.com/advisories/17053 (Broken Link)
- http://www.novell.com/linux/security/advisories/2005_49_php.html (Broken Link)
- http://secunia.com/advisories/16693 (Broken Link)
- http://www.debian.org/security/2005/dsa-789 - [SECURITY] [DSA 789-1] New PHP 4 packages fix several vulnerabilities (Mailing List; Third Party Advisory)
- http://www.gentoo.org/security/en/glsa/glsa-200509-19.xml - PHP: Vulnerabilities in included PCRE and XML-RPC libraries (GLSA 200509-19) - Gentoo security (Third Party Advisory)
- http://secunia.com/advisories/16550 (Broken Link)
- http://secunia.com/advisories/16563 (Broken Link)
- http://secunia.com/advisories/16619 (Broken Link)
- http://marc.info/?l=bugtraq&m=112605112027335&w=2 - 'SUSE Security Announcement: php4, php5 remote code execution' - MARC (Third Party Advisory)
- http://secunia.com/advisories/16468 (Broken Link)
- http://secunia.com/advisories/16976 (Broken Link)
- http://www.debian.org/security/2005/dsa-798 - [SECURITY] [DSA 798-1] New phpgroupware packages fix several vulnerabilities (Mailing List; Third Party Advisory)
- http://www.fedoralegacy.org/updates/FC2/2005-11-28-FLSA_2005_166943__Updated_php_packages_fix_security_issues.html (Broken Link)
- http://secunia.com/advisories/17440 (Broken Link)
- http://secunia.com/advisories/16491 (Broken Link)
- http://secunia.com/advisories/16432 (Broken Link)
- http://secunia.com/advisories/16465 (Broken Link)
- http://marc.info/?l=bugtraq&m=112431497300344&w=2 - '[PHPADSNEW-SA-2005-001] phpAdsNew and phpPgAds 2.0.6 fix multiple' - MARC (Third Party Advisory)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9569 (Broken Link)
- http://www.hardened-php.net/advisory_152005.67.html - Hardened PHP - Hardened-PHP (Not Applicable; Patch; Vendor Advisory)
- http://secunia.com/advisories/16431 (Broken Link)
- http://www.securityfocus.com/bid/14560 (Broken Link; Third Party Advisory; VDB Entry)
- http://www.debian.org/security/2005/dsa-840 - [SECURITY] [DSA 840-1] New drupal packages fix remote command execution (Mailing List)