Metric | Value |
---|---|
CVSS2 | 7.5 High |
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
CVSS2 vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
EPSS | 0.012 Low |
EPSS Percentile | 85.4% |

A Hardened-PHP Project Security Advisory reports:

When the library parses XMLRPC requests/responses, it constructs
a string of PHP code that is later evaluated. This means any
failure to properly handle the construction of this string can
result in arbitrary execution of PHP code.

This new injection vulnerability is caused by not properly
handling the situation when certain XML tags are nested
in the parsed document that were never meant to be nested
at all. This can be easily exploited in a way that
user-input is placed outside of string delimiters within
the evaluation string, which obviously results in
arbitrary code execution.

Note that several applications contain an embedded version
of XML_RPC, therefore making them vulnerable to the same
code injection vulnerability.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | pear-xml_rpc | < 1.4.0 | UNKNOWN |
FreeBSD | any | noarch | phpmyfaq | < 1.4.11 | UNKNOWN |
FreeBSD | any | noarch | drupal | < 4.6.3 | UNKNOWN |
FreeBSD | any | noarch | egroupware | < 1.0.0.009 | UNKNOWN |
FreeBSD | any | noarch | phpadsnew | < 2.0.5 | UNKNOWN |
FreeBSD | any | noarch | phpgroupware | < 0.9.16.007 | UNKNOWN |
FreeBSD | any | noarch | b2evolution | < 0.9.0.12_2 | UNKNOWN |
b2evolution.net/news/2005/08/31/fix_for_xml_rpc_vulnerability_again_1
downloads.phpgroupware.org/changelog
drupal.org/files/sa-2005-004/advisory.txt
phpadsnew.com/two/nucleus/index.php?itemid=45
sourceforge.net/project/shownotes.php?release_id=349626
www.hardened-php.net/advisory_142005.66.html
www.hardened-php.net/advisory_152005.67.html
www.phpmyfaq.de/advisory_2005-08-15.php