CVE-2005-1921
CVSS 7.5 · HIGH
Summary
Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.
CVSS 2.0 breakdown
| Metric | Value |
| --- | --- |
| Base score | 7.5 (HIGH) |
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Confidentiality | PARTIAL |
| Integrity | PARTIAL |
| Availability | PARTIAL |
Weakness type (CWE)
Affected products
- Php xml rpc
- Gggeek phpxmlrpc
- Drupal drupal
- Tiki tikiwiki cms/groupware
- Debian debian linux
References
- http://marc.info/?l=bugtraq&m=112008638320145&w=2
- http://marc.info/?l=bugtraq&m=112015336720867&w=2
- http://marc.info/?l=bugtraq&m=112605112027335&w=2
- http://pear.php.net/package/XML_RPC/download/1.3.1
- http://secunia.com/advisories/15810
- http://secunia.com/advisories/15852
- http://secunia.com/advisories/15855
- http://secunia.com/advisories/15861
- http://secunia.com/advisories/15872
- http://secunia.com/advisories/15883
- http://secunia.com/advisories/15884
- http://secunia.com/advisories/15895
- http://secunia.com/advisories/15903
- http://secunia.com/advisories/15904
- http://secunia.com/advisories/15916
Data: NIST NVD. NVD last modified 2026-04-16. Always verify against the vendor advisory before acting.