CVE-2005-1921 : Detalhe

CVE-2005-1921

Code Injection
A03-Injection
86.15%V4
Network
2005-07-01
08h00 +00:00
2024-08-07
22h06 +00:00
CVE.org
NVD
Notificações para um CVE
Fique informado sobre quaisquer alterações para um CVE específico.
Gerenciar notificações

Descrições CVE

Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.

Informações CVE

Fraquezas Relacionadas

CWE-ID Nome da Fraqueza Source
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Métricas

Métricas Pontuação Gravidade CVSS Vetor Source
V2 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P nvd@nist.gov

EPSS

O EPSS é um modelo de pontuação que prevê a probabilidade de uma vulnerabilidade ser explorada.

Pontuação EPSS

O modelo EPSS produz uma pontuação de probabilidade entre 0 e 1 (0 e 100%). Quanto maior a pontuação, maior a probabilidade de uma vulnerabilidade ser explorada.

Percentil EPSS

O percentil é usado para classificar os CVEs de acordo com sua pontuação EPSS. Por exemplo, um CVE no percentil 95 segundo sua pontuação EPSS tem mais probabilidade de ser explorado do que 95% dos outros CVEs. Assim, o percentil é usado para comparar a pontuação EPSS de um CVE com a de outros CVEs.
EPSS First.org

Informações sobre exploit

Exploit Database EDB-ID : 43829

Data de publicação : 2015-07-01 22h00 +00:00
Autor : GulfTech Security
Verificado pelo EDB : No

Exploit Database EDB-ID : 16882

Data de publicação : 2010-07-24 22h00 +00:00
Autor : Metasploit
Verificado pelo EDB : Yes

Exploit Database EDB-ID : 1078

Data de publicação : 2005-06-30 22h00 +00:00
Autor : ilo--
Verificado pelo EDB : Yes

Exploit Database EDB-ID : 1083

Data de publicação : 2005-07-03 22h00 +00:00
Autor : dukenn
Verificado pelo EDB : Yes

Exploit Database EDB-ID : 1084

Data de publicação : 2005-07-03 22h00 +00:00
Autor : Mike Rifone
Verificado pelo EDB : Yes

Products Mentioned

Configuraton 0

Php>>Xml_rpc >> Version To (including) 1.3.0

Configuraton 0

Gggeek>>Phpxmlrpc >> Version To (including) 1.1

Configuraton 0

Drupal>>Drupal >> Version To (excluding) 4.5.4

Drupal>>Drupal >> Version From (including) 4.6.0 To (excluding) 4.6.2

Configuraton 0

Tiki>>Tikiwiki_cms\/groupware >> Version To (excluding) 1.8.5

Configuraton 0

Debian>>Debian_linux >> Version 3.1

Referências

http://www.debian.org/security/2005/dsa-789
Tags : vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/15947
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/15852
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/15944
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/15883
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/15872
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/15895
Tags : third-party-advisory, x_refsource_SECUNIA
http://securitytracker.com/id?1015336
Tags : vdb-entry, x_refsource_SECTRACK
http://www.debian.org/security/2005/dsa-746
Tags : vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/17674
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2005/2827
Tags : vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/15917
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2005/dsa-747
Tags : vendor-advisory, x_refsource_DEBIAN
http://marc.info/?l=bugtraq&m=112605112027335&w=2
Tags : vendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/15957
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/15810
Tags : third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-200507-01.xml
Tags : vendor-advisory, x_refsource_GENTOO
http://www.securityfocus.com/bid/14088
Tags : vdb-entry, x_refsource_BID
http://secunia.com/advisories/16693
Tags : third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=112008638320145&w=2
Tags : mailing-list, x_refsource_BUGTRAQ
http://marc.info/?l=bugtraq&m=112015336720867&w=2
Tags : mailing-list, x_refsource_BUGTRAQ
http://security.gentoo.org/glsa/glsa-200507-07.xml
Tags : vendor-advisory, x_refsource_GENTOO
http://secunia.com/advisories/15904
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/15903
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/17440
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/15922
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/15884
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/15916
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2005-564.html
Tags : vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/16001
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-2005:109
Tags : vendor-advisory, x_refsource_MANDRAKE
http://security.gentoo.org/glsa/glsa-200507-06.xml
Tags : vendor-advisory, x_refsource_GENTOO
http://www.debian.org/security/2005/dsa-745
Tags : vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/15855
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/16339
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/18003
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/15861
Tags : third-party-advisory, x_refsource_SECUNIA
As informações apresentadas no CVE Find originam-se de várias fontes de referência cuidadosamente selecionadas. Os dados CVE são fornecidos pela MITRE Corporation e pelo National Vulnerability Database (NVD). O catálogo de Vulnerabilidades Conhecidas Exploradas (KEV) é proveniente da Cybersecurity and Infrastructure Security Agency (CISA), enquanto as pontuações EPSS vêm do FIRST.org. Além disso, os dados sobre fraquezas de software (CWE) e padrões de ataque comuns (CAPEC) são mantidos pela MITRE Corporation, e as informações sobre configurações de hardware e software (CPE) são fornecidas pelo NVD.