CVE-2005-1921

Published: 5 July 2005

Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.

Priority

Status

Package	Release	Status
egroupware Launchpad, Ubuntu, Debian	dapper	Released (1.0.0.009.dfsg-3-4)
	edgy	Released (1.0.0.009.dfsg-3-4)
	feisty	Released (1.0.0.009.dfsg-3-4)
	upstream	Needs triage
php4 Launchpad, Ubuntu, Debian	dapper	Not vulnerable
	edgy	Not vulnerable
	feisty	Does not exist
	upstream	Needs triage
php5 Launchpad, Ubuntu, Debian	dapper	Released (5.1.2-1ubuntu3.9)
	edgy	Released (5.1.6-1ubuntu2.6)
	feisty	Released (5.2.1-0ubuntu1.4)
	upstream	Needs triage
phpwiki Launchpad, Ubuntu, Debian	dapper	Not vulnerable
	edgy	Not vulnerable
	feisty	Not vulnerable
	upstream	Needs triage

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

CVE-2005-1921

Priority

Status

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading