Unrated severityNVD Advisory· Published Jul 5, 2005· Updated Apr 16, 2026

CVE-2005-1921

Description

Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.

Affected products

Drupal/Drupal
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
Range: <4.5.4
Gggeek/Phpxmlrpc
cpe:2.3:a:gggeek:phpxmlrpc:*:*:*:*:*:*:*:*
Range: <=1.1
PHP/Xml Rpc
cpe:2.3:a:php:xml_rpc:*:*:*:*:*:pear:*:*
Range: <=1.3.0
Tiki/Tikiwiki Cms\/groupware
cpe:2.3:a:tiki:tikiwiki_cms\/groupware:*:*:*:*:*:*:*:*
Range: <1.8.5
Debian/Debian Linux
cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

pear.php.net/package/XML_RPC/download/1.3.1nvdPatchProduct
www.mandriva.com/security/advisoriesnvdPatchThird Party AdvisoryVendor Advisory
marc.infonvdThird Party Advisory
marc.infonvdThird Party Advisory
marc.infonvdThird Party Advisory
security.gentoo.org/glsa/glsa-200507-01.xmlnvdThird Party Advisory
security.gentoo.org/glsa/glsa-200507-06.xmlnvdThird Party Advisory
security.gentoo.org/glsa/glsa-200507-07.xmlnvdThird Party Advisory
securitytracker.com/idnvdBroken LinkThird Party AdvisoryVDB Entry
www.debian.org/security/2005/dsa-745nvdMailing ListThird Party Advisory
www.debian.org/security/2005/dsa-746nvdMailing ListThird Party Advisory
www.debian.org/security/2005/dsa-747nvdMailing ListThird Party Advisory
www.debian.org/security/2005/dsa-789nvdMailing ListThird Party Advisory
www.drupal.org/security/drupal-sa-2005-003/advisory.txtnvdThird Party Advisory
www.gulftech.orgnvdNot ApplicableVendor Advisory
www.securityfocus.com/archive/1/419064/100/0/threadednvdBroken LinkThird Party AdvisoryVDB Entry
www.securityfocus.com/bid/14088nvdBroken LinkThird Party AdvisoryVDB Entry
secunia.com/advisories/15810nvdBroken Link
secunia.com/advisories/15852nvdBroken Link
secunia.com/advisories/15855nvdBroken Link
secunia.com/advisories/15861nvdBroken Link
secunia.com/advisories/15872nvdBroken Link
secunia.com/advisories/15883nvdBroken Link
secunia.com/advisories/15884nvdBroken Link
secunia.com/advisories/15895nvdBroken Link
secunia.com/advisories/15903nvdBroken Link
secunia.com/advisories/15904nvdBroken Link
secunia.com/advisories/15916nvdBroken Link
secunia.com/advisories/15917nvdBroken Link
secunia.com/advisories/15922nvdBroken Link
secunia.com/advisories/15944nvdBroken Link
secunia.com/advisories/15947nvdBroken Link
secunia.com/advisories/15957nvdBroken Link
secunia.com/advisories/16001nvdBroken Link
secunia.com/advisories/16339nvdBroken Link
secunia.com/advisories/16693nvdBroken Link
secunia.com/advisories/17440nvdBroken Link
secunia.com/advisories/17674nvdBroken Link
secunia.com/advisories/18003nvdBroken Link
sourceforge.net/project/showfiles.phpnvdProduct
sourceforge.net/project/shownotes.phpnvdBroken Link
www.ampache.org/announce/3_3_1_2.phpnvdBroken Link
www.hardened-php.net/advisory-022005.phpnvdNot Applicable
www.novell.com/linux/security/advisories/2005_18_sr.htmlnvdBroken Link
www.novell.com/linux/security/advisories/2005_41_php_pear.htmlnvdBroken Link
www.novell.com/linux/security/advisories/2005_49_php.htmlnvdBroken Link
www.redhat.com/support/errata/RHSA-2005-564.htmlnvdBroken Link
www.vupen.com/english/advisories/2005/2827nvdBroken Link
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11294nvdBroken Link
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A350nvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.069
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000