Alias(es)PHP.PEAR.XML-RPC.PHPCode.Injection.A, PHP.PEAR.XML-RPC.PHPCode.Injection.B |
Release DateNov 08, 2005 |
Severitylow |
ImpactSystem compromise: remote code execution. |
DescriptionThis indicates a possible attempt to launch a PHP injection attack against XML-RPC.XML-RPC for PHP is vulnerable to a PHP injection attack. A successful exploit can lead to the execution of an arbitrary PHP script with the privileges of the Web server. |
Affected ProductsXML-RPC for PHP 1.1 and earlier versions |
Recommended ActionsApply the appropriate patch from the vendor or upgrade to a non-vulnerable version. |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2005-1921CVE-2005-2116 |
Reference/shttp://www.securityfocus.com/bid/14088 (BugTraq) |
