NVD Vulnerability Detail

CVE-2005-2498

Summary	Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921.
Publication Date	Aug. 15, 2005, 1 p.m.
Registration Date	Jan. 29, 2021, 5:58 p.m.
Last Update	Feb. 15, 2024, 12:47 a.m.

CVSS2.0 : HIGH
Score	7.5
Vector	AV:N/AC:L/Au:N/C:P/I:P/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:gggeek:phpxmlrpc::::::::			1.1.1

Configuration2		or higher	or less	more than	less than
cpe:2.3:o:debian:debian_linux:3.1:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://www.hardened-php.net/advisory_152005.67.html	MISC	Not Applicable Patch Vendor Advisory
2	http://www.redhat.com/support/errata/RHSA-2005-748.html	REDHAT	Broken Link
3	http://www.debian.org/security/2005/dsa-798	DEBIAN	Mailing List Third Party Advisory
4	http://www.debian.org/security/2005/dsa-789	DEBIAN	Mailing List Third Party Advisory
5	http://www.gentoo.org/security/en/glsa/glsa-200509-19.xml	GENTOO	Third Party Advisory
6	http://www.fedoralegacy.org/updates/FC2/2005-11-28-FLSA_2005_166943__Updated_php_packages_fix_security_issues.html	FEDORA	Broken Link
7	http://secunia.com/advisories/16431	SECUNIA	Broken Link
8	http://secunia.com/advisories/16432	SECUNIA	Broken Link
9	http://secunia.com/advisories/16441	SECUNIA	Broken Link
10	http://secunia.com/advisories/16460	SECUNIA	Broken Link
11	http://secunia.com/advisories/16465	SECUNIA	Broken Link
12	http://secunia.com/advisories/16468	SECUNIA	Broken Link
13	http://secunia.com/advisories/16469	SECUNIA	Broken Link
14	http://secunia.com/advisories/16491	SECUNIA	Broken Link
15	http://secunia.com/advisories/16550	SECUNIA	Broken Link
16	http://secunia.com/advisories/16558	SECUNIA	Broken Link
17	http://secunia.com/advisories/16563	SECUNIA	Broken Link
18	http://secunia.com/advisories/16619	SECUNIA	Broken Link
19	http://secunia.com/advisories/16635	SECUNIA	Broken Link
20	http://secunia.com/advisories/16693	SECUNIA	Broken Link
21	http://secunia.com/advisories/16976	SECUNIA	Broken Link
22	http://secunia.com/advisories/17440	SECUNIA	Broken Link
23	http://www.debian.org/security/2005/dsa-840	DEBIAN	Mailing List
24	http://www.debian.org/security/2005/dsa-842	DEBIAN	Mailing List Third Party Advisory
25	http://secunia.com/advisories/17053	SECUNIA	Broken Link
26	http://secunia.com/advisories/17066	SECUNIA	Broken Link
27	http://www.securityfocus.com/archive/1/408125	BUGTRAQ	Broken Link Third Party Advisory VDB Entry
28	http://www.securityfocus.com/bid/14560	BID	Broken Link Third Party Advisory VDB Entry
29	http://www.novell.com/linux/security/advisories/2005_49_php.html	SUSE	Broken Link
30	http://marc.info/?l=bugtraq&m=112412415822890&w=2	BUGTRAQ	Third Party Advisory
31	http://marc.info/?l=bugtraq&m=112431497300344&w=2	BUGTRAQ	Third Party Advisory
32	http://marc.info/?l=bugtraq&m=112605112027335&w=2	SUSE	Third Party Advisory
33	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9569	OVAL	Broken Link

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-94	コード・インジェクション	https://cwe.mitre.org/data/definitions/94.html