FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

pear-XML_RPC -- arbitrary remote code execution

Affected packages
pear-XML_RPC < 1.3.1

Details

VuXML ID 523fad14-eb9d-11d9-a8bd-000cf18bbe54
Discovery 2005-06-29
Entry 2005-07-03

GulfTech Security Research Team reports:

PEAR XML_RPC is vulnerable to a very high risk PHP code injection vulnerability due to unsanitized data being passed into an eval() call.

References

CVE Name CVE-2005-1921
URL http://www.gulftech.org/?node=research&article_id=00087-07012005
URL http://www.hardened-php.net/advisory-022005.php
