← volver
CVE-2005-2498

CVE-2005-2498

EPSS 5.1%
Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://marc.info/?l=bugtraq&m=112412415822890&w=2http://marc.info/?l=bugtraq&m=112431497300344&w=2http://marc.info/?l=bugtraq&m=112605112027335&w=2http://secunia.com/advisories/16431http://secunia.com/advisories/16432http://secunia.com/advisories/16441http://secunia.com/advisories/16460http://secunia.com/advisories/16465http://secunia.com/advisories/16468http://secunia.com/advisories/16469http://secunia.com/advisories/16491http://secunia.com/advisories/16550