FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2005-2498

This CVE name corresponds to:

Entered: 2005-08-15
Topic: pear-XML_RPC -- remote PHP code injection vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2005-2498
Phase: Assigned (20050808)

Description

Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921.

References

Source Reference
BUGTRAQ 20050815 Advisory 15/2005: PHPXMLRPC Remote PHP Code Injection Vulnerability
MISC http://www.hardened-php.net/advisory_152005.67.html
BUGTRAQ 20050817 [PHPADSNEW-SA-2005-001] phpAdsNew and phpPgAds 2.0.6 fix multiple vulnerabilities
BUGTRAQ 20050815 [DRUPAL-SA-2005-004] Drupal 4.6.3 / 4.5.5 fixes critical XML-RPC issue
DEBIAN DSA-789
DEBIAN DSA-798
DEBIAN DSA-840
DEBIAN DSA-842
FEDORA FLSA:166943
GENTOO GLSA-200509-19
REDHAT RHSA-2005:748
SUSE SUSE-SA:2005:051
SUSE SUSE-SA:2005:049
BID 14560
OVAL oval:org.mitre.oval:def:9569
SECUNIA 16431
SECUNIA 16432
SECUNIA 16441
SECUNIA 16460
SECUNIA 16465
SECUNIA 16468
SECUNIA 16469
SECUNIA 16491
SECUNIA 16550
SECUNIA 16558
SECUNIA 16563
SECUNIA 16619
SECUNIA 16635
SECUNIA 16693
SECUNIA 16976
SECUNIA 17440
SECUNIA 17053
SECUNIA 17066