php xml-rpc CVE-2005-1921 vulnerability in PHP and Other Products
Published on July 5, 2005

product logo product logo product logo product logo product logo
Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD


Products Associated with CVE-2005-1921

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2005-1921 are published in these products:

PHP Xml Rpc
 
Gggeek Phpxmlrpc
 
Drupal
 
Tikiwiki Cmsgroupware
 
Debian Linux
 

Exploit Probability

EPSS
86.15%
Percentile
99.39%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.