CVE-2005-2498
PHPXMLRPC < 1.1.1 - Remote Code Execution via Nested XML Tag Injection
Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921.
References (33)
Core References
Mailing List, Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2005/dsa-789
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17066
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/16441
Third Party Advisory mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=112431497300344&w=2
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/16491
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/16619
Third Party Advisory mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=112412415822890&w=2
Third Party Advisory vendor-advisory
x_refsource_suse
http://marc.info/?l=bugtraq&m=112605112027335&w=2
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/16460
Broken Link vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2005-748.html
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/14560
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/16558
Mailing List vendor-advisory
x_refsource_debian
http://www.debian.org/security/2005/dsa-840
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/16431
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/16693
Broken Link vendor-advisory
x_refsource_fedora
http://www.fedoralegacy.org/updates/FC2/2005-11-28-FLSA_2005_166943__Updated_php_packages_fix_security_issues.html
Broken Link vendor-advisory
x_refsource_suse
http://www.novell.com/linux/security/advisories/2005_49_php.html
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17440
Broken Link, Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/408125
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/16976
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200509-19.xml
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/16469
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/16563
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17053
Mailing List, Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2005/dsa-798
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/16468
Mailing List, Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2005/dsa-842
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/16465
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/16635
Not Applicable, Patch, Vendor Advisory x_refsource_misc
http://www.hardened-php.net/advisory_152005.67.html
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/16432
Broken Link vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9569
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/16550
Scores
EPSS: 0.0509
EPSS Percentile: 91.3%
Details
CWE: CWE-94
Status: published
Products (2)
debian/debian_linux: 3.1
gggeek/phpxmlrpc: < 1.1.1
Published: Aug 15, 2005
Tracked Since: Feb 18, 2026