CVE-2005-1921

PHP XML-RPC Arbitrary Code Execution

Severity Score (CVSS v2): 7.5
Exploit Likelihood (EPSS):
Affected Versions (CPE):
Public Exploits (Multiple Sources): 6
Exploited in Wild (KEV): -
Decision (SSVC): -

Descriptions

Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.

*Credits: N/A
CVSS Scores (Common Vulnerability Scoring System)
Attack Vector: Network
Attack Complexity: Low
Authentication: None
Confidentiality: Partial
Integrity: Partial
Availability: Partial
SSVC (Organization's Worst-case Scenario)
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
Timeline
  • 2005-06-08 CVE Reserved
  • 2005-06-29 First Exploit
  • 2005-07-01 CVE Published
  • 2024-06-07 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (58)
URL Tag
http://marc.info/?l=bugtraq&m=112008638320145&w=2 Mailing List
http://marc.info/?l=bugtraq&m=112015336720867&w=2 Mailing List
http://secunia.com/advisories/15810 Broken Link
http://secunia.com/advisories/15852 Broken Link
http://secunia.com/advisories/15855 Broken Link
http://secunia.com/advisories/15861 Broken Link
http://secunia.com/advisories/15872 Broken Link
http://secunia.com/advisories/15883 Broken Link
http://secunia.com/advisories/15884 Broken Link
http://secunia.com/advisories/15895 Broken Link
http://secunia.com/advisories/15903 Broken Link
http://secunia.com/advisories/15904 Broken Link
http://secunia.com/advisories/15916 Broken Link
http://secunia.com/advisories/15917 Broken Link
http://secunia.com/advisories/15922 Broken Link
http://secunia.com/advisories/15944 Broken Link
http://secunia.com/advisories/15947 Broken Link
http://secunia.com/advisories/15957 Broken Link
http://secunia.com/advisories/16001 Broken Link
http://secunia.com/advisories/16339 Broken Link
http://secunia.com/advisories/16693 Broken Link
http://secunia.com/advisories/17440 Broken Link
http://secunia.com/advisories/17674 Broken Link
http://secunia.com/advisories/18003 Broken Link
http://securitytracker.com/id?1015336 Broken Link
http://sourceforge.net/project/showfiles.php?group_id=87163 Product
http://sourceforge.net/project/shownotes.php?release_id=338803 Broken Link
http://www.ampache.org/announce/3_3_1_2.php Broken Link
http://www.drupal.org/security/drupal-sa-2005-003/advisory.txt Third Party Advisory
http://www.hardened-php.net/advisory-022005.php Not Applicable
http://www.securityfocus.com/bid/14088 Broken Link
http://www.vupen.com/english/advisories/2005/2827 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11294 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A350 Broken Link
Affected Vendors, Products, and Versions
Vendor   Product                  Version             Other   Status
Php      Xml Rpc                  <= 1.3.0            pear    Affected
Gggeek   Phpxmlrpc                <= 1.1              -       Affected
Drupal   Drupal                   < 4.5.4             -       Affected
Drupal   Drupal                   >= 4.6.0 < 4.6.2    -       Affected
Tiki     Tikiwiki Cms/groupware   < 1.8.5             -       Affected
Debian   Debian Linux             3.1                 -       Affected