Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2005-2498

Опубликовано: 15 авг. 2005
Источник: nvd
CVSS2: 7.5
EPSS Низкий

Описание

Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:gggeek:phpxmlrpc:*:*:*:*:*:*:*:*
Версия до 1.1.1 (включая)
Конфигурация 2
cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*

EPSS

Процентиль: 89%
0.04688
Низкий

7.5 High

CVSS2

Дефекты

CWE-94

Связанные уязвимости

ubuntu логотип

CVE-2005-2498

ubuntu
около 20 лет назад

Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921.

redhat логотип

CVE-2005-2498

redhat
около 20 лет назад

Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921.

debian логотип

CVE-2005-2498

debian
около 20 лет назад

Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML- ...

github логотип

GHSA-mcp5-3g3r-5wm5

github
больше 3 лет назад

Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921.

EPSS

Процентиль: 89%
0.04688
Низкий

7.5 High

CVSS2

Дефекты

CWE-94