FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

pear-XML_RPC -- arbitrary remote code execution

Affected packages
pear-XML_RPC < 1.3.1

Details

VuXML ID 523fad14-eb9d-11d9-a8bd-000cf18bbe54
Discovery 2005-06-29
Entry 2005-07-03

GulfTech Security Research Team reports:

PEAR XML_RPC is vulnerable to a very high risk php code injection vulnerability due to unsanatized data being passed into an eval() call.

References

CVE Name CVE-2005-1921
URL http://www.gulftech.org/?node=research&article_id=00087-07012005
URL http://www.hardened-php.net/advisory-022005.php