Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

0

CVE-2005-1921

Disclosure Date: July 05, 2005 •

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Metasploit Module

PHP XML-RPC Arbitrary Code Execution

Description

Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

Products

Weaknesses

CWE-94

Metasploit Modules

PHP XML-RPC Arbitrary Code Execution (https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/php_xmlrpc_eval.rb)

References

Canonical

CVE-2005-1921 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1921)

BID-14088 (http://www.securityfocus.com/bid/14088)

Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A350

DSA-789 (http://www.debian.org/security/2005/dsa-789)

SECUNIA-15947 (http://secunia.com/advisories/15947)

SECUNIA-15852 (http://secunia.com/advisories/15852)

SECUNIA-15944 (http://secunia.com/advisories/15944)

http://www.novell.com/linux/security/advisories/2005_18_sr.html

SECUNIA-15883 (http://secunia.com/advisories/15883)

SECUNIA-15872 (http://secunia.com/advisories/15872)

SECUNIA-15895 (http://secunia.com/advisories/15895)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11294

SECTRACK-1015336 (http://securitytracker.com/id?1015336)

DSA-746 (http://www.debian.org/security/2005/dsa-746)

SECUNIA-17674 (http://secunia.com/advisories/17674)

ADV-2005-2827 (http://www.vupen.com/english/advisories/2005/2827)

SECUNIA-15917 (http://secunia.com/advisories/15917)

DSA-747 (http://www.debian.org/security/2005/dsa-747)

http://www.novell.com/linux/security/advisories/2005_41_php_pear.html

SSRT051069 (http://www.securityfocus.com/archive/1/419064/100/0/threaded)

http://marc.info?l=bugtraq&m=112605112027335&w=2

SECUNIA-15957 (http://secunia.com/advisories/15957)

http://www.ampache.org/announce/3_3_1_2.php

SECUNIA-15810 (http://secunia.com/advisories/15810)

GLSA-200507-01 (http://security.gentoo.org/glsa/glsa-200507-01.xml)

http://www.drupal.org/security/drupal-sa-2005-003/advisory.txt

SECUNIA-16693 (http://secunia.com/advisories/16693)

20050629 Advisory 02/2005: Remote code execution in Serendipity (http://marc.info?l=bugtraq&m=112008638320145&w=2)

20050629 [DRUPAL-SA-2005-003] Drupal 4.6.2 / 4.5.4 fixes critical XML-RPC issue (http://marc.info?l=bugtraq&m=112015336720867&w=2)

GLSA-200507-07 (http://security.gentoo.org/glsa/glsa-200507-07.xml)

SECUNIA-15904 (http://secunia.com/advisories/15904)

SECUNIA-15903 (http://secunia.com/advisories/15903)

http://www.novell.com/linux/security/advisories/2005_49_php.html

http://sourceforge.net/project/shownotes.php?release_id=338803

SECUNIA-17440 (http://secunia.com/advisories/17440)

SECUNIA-15922 (http://secunia.com/advisories/15922)

SECUNIA-15884 (http://secunia.com/advisories/15884)

SECUNIA-15916 (http://secunia.com/advisories/15916)

http://www.redhat.com/support/errata/RHSA-2005-564.html

SECUNIA-16001 (http://secunia.com/advisories/16001)

http://sourceforge.net/project/showfiles.php?group_id=87163

GLSA-200507-06 (http://security.gentoo.org/glsa/glsa-200507-06.xml)

DSA-745 (http://www.debian.org/security/2005/dsa-745)

SECUNIA-15855 (http://secunia.com/advisories/15855)

SECUNIA-16339 (http://secunia.com/advisories/16339)

SECUNIA-18003 (http://secunia.com/advisories/18003)

SECUNIA-15861 (http://secunia.com/advisories/15861)

Miscellaneous

http://www.gulftech.org?node=research&article_id=00087-07012005

http://www.hardened-php.net/advisory-022005.php

http://pear.php.net/package/XML_RPC/download/1.3.1

http://www.mandriva.com/security/advisories?name=MDKSA-2005:109

http://marc.info/?l=bugtraq&m=112605112027335&w=2

http://marc.info/?l=bugtraq&m=112008638320145&w=2

http://marc.info/?l=bugtraq&m=112015336720867&w=2

http://www.gulftech.org/?node=research&article_id=00087-07012005

Rapid7

Technical Analysis