CVE-2005-2498

PHPXMLRPC < 1.1.1 - Remote Code Execution via Nested XML Tag Injection


Description

Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain XML tags in a PHP document that are nested where they should not be; the nested tags are injected into an eval function call. This is a different vulnerability than CVE-2005-1921.

References (33)

Mailing List, Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2005/dsa-789
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17066
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/16441
Third Party Advisory mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=112431497300344&w=2
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/16491
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/16619
Third Party Advisory mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=112412415822890&w=2
Third Party Advisory vendor-advisory x_refsource_suse
http://marc.info/?l=bugtraq&m=112605112027335&w=2
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/16460
Broken Link vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2005-748.html
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/14560
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/16558
Mailing List vendor-advisory x_refsource_debian
http://www.debian.org/security/2005/dsa-840
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/16431
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/16693
Broken Link vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2005_49_php.html
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17440
Broken Link, Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/408125
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/16976
Third Party Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200509-19.xml
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/16469
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/16563
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17053
Mailing List, Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2005/dsa-798
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/16468
Mailing List, Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2005/dsa-842
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/16465
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/16635
Not Applicable, Patch, Vendor Advisory x_refsource_misc
http://www.hardened-php.net/advisory_152005.67.html
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/16432
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/16550

Scores

EPSS 0.0509
EPSS Percentile 91.3%

Details

CWE
CWE-94
Status published
Products (2)
debian/debian_linux 3.1
gggeek/phpxmlrpc < 1.1.1
Published Aug 15, 2005
Tracked Since Feb 18, 2026