Info

Last Modified

6 months ago

Percent Complete

100%

Disclosure

Jun 29, 2005

Discovery

Unknown

Dates

Exploit

Jun 30, 2005

Solution

Unknown

Description

XML-RPC for PHP (PHPXMLRPC) contains a flaw that may allow a remote attacker to execute arbitrary PHP code. The issue is due to the 'parseRequest()' function not properly sanitizing user-supplied input. By creating an XML file that uses single quotes to escape into the 'eval()' call, a remote attacker can execute arbitrary PHP code resulting in a loss of integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified
OSVDB: Web Related

Technical

The XML-RPC for PHP library, as well as the PEAR XMLRPC library, are used in a wide variety of products. Along with the products listed here, others may be vulnerable.

Solution

Upgrade to versions listed below or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

XML-RPC for PHP - 1.1.1
PostNuke - .760
Drupal - 4.5.4 / 4.6.2
XML_RPC - 1.3.1
phpMyFAQ - 1.4.9 / 1.5.0 RC5
Serendipity - 0.8.2
Nucleus CMS - 3.21
phpAdsNew - 2.0.6
phpPgAds - 2.0.6
phpGroupWare - 0.9.16.006
CamRPC - 1.0.2
eGroupWare - 1.0.0.007-3 / 1.0.0.008-2
MailWatch for MailScanner - 1.0.1
Ampache - 3.3.1.2
CivicSpace - 0.8.1
Jaws - 0.5.2
Max Media Manager - 0.1.28-rc
BLOG:CMS - 3.6.5
Eventum - 1.5.5
XOOPS - 2.2.1