| Last Updated Date | Sep 22, 2009 |
| Release Date | Nov 08, 2005 |
| Severity | High |
| Impact | System compromise: remote code execution. |
| Description | This indicates a possible attempt to launch a PHP injection attack against XML-RPC.
XML-RPC for PHP is vulnerable to a PHP injection attack. A successful exploit can lead to the execution of an arbitrary PHP script with the privileges of the Web server. |
| Affected Products | XML-RPC for PHP 1.1 and earlier versions |
| Recommended Actions | Apply the appropriate patch from the vendor or upgrade to a non-vulnerable version. |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1921
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-2116
|
| Reference/s | http://www.securityfocus.com/bid/14088 (BugTraq)
|