CVE-2005-1921

Publication date 5 July 2005

Last updated 24 July 2024

Ubuntu priority

Unknown

Why this priority?

Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.

Status

No maintained releases are affected by this CVE.

Package Ubuntu Release Status
egroupware 7.04 feisty
Fixed 1.0.0.009.dfsg-3-4
6.10 edgy
Fixed 1.0.0.009.dfsg-3-4
6.06 LTS dapper
Fixed 1.0.0.009.dfsg-3-4
php4 7.04 feisty Not in release
6.10 edgy
Not affected
6.06 LTS dapper
Not affected
php5 7.04 feisty
Fixed 5.2.1-0ubuntu1.4
6.10 edgy
Fixed 5.1.6-1ubuntu2.6
6.06 LTS dapper
Fixed 5.1.2-1ubuntu3.9
phpwiki 7.04 feisty
Not affected
6.10 edgy
Not affected
6.06 LTS dapper
Not affected

References

Related Ubuntu Security Notices (USN)

    • USN-147-1
    • PHP XMLRPC vulnerability
    • 5 July 2005

Other references