NVD

CVE-2005-2498 Detail

Deferred

This CVE record is not being prioritized for NVD enrichment efforts due to resource or other concerns.

Description

Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921.

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology

NIST: NVD

Base Score: 7.5 HIGH

Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL	Source(s)	Tag(s)
http://marc.info/?l=bugtraq&m=112412415822890&w=2	CVE, Inc., Red Hat	Third Party Advisory
http://marc.info/?l=bugtraq&m=112431497300344&w=2	CVE, Inc., Red Hat	Third Party Advisory
http://marc.info/?l=bugtraq&m=112605112027335&w=2	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/16431	CVE, Inc., Red Hat	Broken Link
http://secunia.com/advisories/16432	CVE, Inc., Red Hat	Broken Link
http://secunia.com/advisories/16441	CVE, Inc., Red Hat	Broken Link
http://secunia.com/advisories/16460	CVE, Inc., Red Hat	Broken Link
http://secunia.com/advisories/16465	CVE, Inc., Red Hat	Broken Link
http://secunia.com/advisories/16468	CVE, Inc., Red Hat	Broken Link
http://secunia.com/advisories/16469	CVE, Inc., Red Hat	Broken Link
http://secunia.com/advisories/16491	CVE, Inc., Red Hat	Broken Link
http://secunia.com/advisories/16550	CVE, Inc., Red Hat	Broken Link
http://secunia.com/advisories/16558	CVE, Inc., Red Hat	Broken Link
http://secunia.com/advisories/16563	CVE, Inc., Red Hat	Broken Link
http://secunia.com/advisories/16619	CVE, Inc., Red Hat	Broken Link
http://secunia.com/advisories/16635	CVE, Inc., Red Hat	Broken Link
http://secunia.com/advisories/16693	CVE, Inc., Red Hat	Broken Link
http://secunia.com/advisories/16976	CVE, Inc., Red Hat	Broken Link
http://secunia.com/advisories/17053	CVE, Inc., Red Hat	Broken Link
http://secunia.com/advisories/17066	CVE, Inc., Red Hat	Broken Link
http://secunia.com/advisories/17440	CVE, Inc., Red Hat	Broken Link
http://www.debian.org/security/2005/dsa-789	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://www.debian.org/security/2005/dsa-798	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://www.debian.org/security/2005/dsa-840	CVE, Inc., Red Hat	Mailing List
http://www.debian.org/security/2005/dsa-842	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://www.fedoralegacy.org/updates/FC2/2005-11-28-FLSA_2005_166943__Updated_php_packages_fix_security_issues.html	CVE, Inc., Red Hat	Broken Link
http://www.gentoo.org/security/en/glsa/glsa-200509-19.xml	CVE, Inc., Red Hat	Third Party Advisory
http://www.hardened-php.net/advisory_152005.67.html	CVE, Inc., Red Hat	Not Applicable Patch Vendor Advisory
http://www.novell.com/linux/security/advisories/2005_49_php.html	CVE, Inc., Red Hat	Broken Link
http://www.redhat.com/support/errata/RHSA-2005-748.html	CVE, Inc., Red Hat	Broken Link
http://www.securityfocus.com/archive/1/408125	CVE, Inc., Red Hat	Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/14560	CVE, Inc., Red Hat	Broken Link Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9569	CVE, Inc., Red Hat	Broken Link

Weakness Enumeration

CWE-ID	CWE Name	Source
CWE-94	Improper Control of Generation of Code ('Code Injection')	NIST

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

6 change records found show changes

CVE Modified by CVE 11/20/2024 6:59:41 PM

Action	Type	New Value
Added	Reference	http://marc.info/?l=bugtraq&m=112412415822890&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=112431497300344&w=2
Added	Reference	http://marc.info/?l=bugtraq&m=112605112027335&w=2
Added	Reference	http://secunia.com/advisories/16431
Added	Reference	http://secunia.com/advisories/16432
Added	Reference	http://secunia.com/advisories/16441
Added	Reference	http://secunia.com/advisories/16460
Added	Reference	http://secunia.com/advisories/16465
Added	Reference	http://secunia.com/advisories/16468
Added	Reference	http://secunia.com/advisories/16469
Added	Reference	http://secunia.com/advisories/16491
Added	Reference	http://secunia.com/advisories/16550
Added	Reference	http://secunia.com/advisories/16558
Added	Reference	http://secunia.com/advisories/16563
Added	Reference	http://secunia.com/advisories/16619
Added	Reference	http://secunia.com/advisories/16635
Added	Reference	http://secunia.com/advisories/16693
Added	Reference	http://secunia.com/advisories/16976
Added	Reference	http://secunia.com/advisories/17053
Added	Reference	http://secunia.com/advisories/17066
Added	Reference	http://secunia.com/advisories/17440
Added	Reference	http://www.debian.org/security/2005/dsa-789
Added	Reference	http://www.debian.org/security/2005/dsa-798
Added	Reference	http://www.debian.org/security/2005/dsa-840
Added	Reference	http://www.debian.org/security/2005/dsa-842
Added	Reference	http://www.fedoralegacy.org/updates/FC2/2005-11-28-FLSA_2005_166943__Updated_php_packages_fix_security_issues.html
Added	Reference	http://www.gentoo.org/security/en/glsa/glsa-200509-19.xml
Added	Reference	http://www.hardened-php.net/advisory_152005.67.html
Added	Reference	http://www.novell.com/linux/security/advisories/2005_49_php.html
Added	Reference	http://www.redhat.com/support/errata/RHSA-2005-748.html
Added	Reference	http://www.securityfocus.com/archive/1/408125
Added	Reference	http://www.securityfocus.com/bid/14560
Added	Reference	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9569

Modified Analysis by NIST 2/14/2024 10:47:32 AM

Action	Type	Old Value	New Value
Added	CVSS V2		NIST (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Removed	CVSS V2	NIST (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Added	CWE		NIST CWE-94
Removed	CWE	NIST NVD-CWE-Other
Changed	CPE Configuration	OR cpe:2.3:a:edd_dumbill:phpxmlrpc:1.1.1:::::::	OR cpe:2.3:a:gggeek:phpxmlrpc::::::::* versions up to (including) 1.1.1
Added	CPE Configuration		OR cpe:2.3:o:debian:debian_linux:3.1:::::::
Changed	Reference Type	http://marc.info/?l=bugtraq&m=112412415822890&w=2 No Types Assigned	http://marc.info/?l=bugtraq&m=112412415822890&w=2 Third Party Advisory
Changed	Reference Type	http://marc.info/?l=bugtraq&m=112431497300344&w=2 No Types Assigned	http://marc.info/?l=bugtraq&m=112431497300344&w=2 Third Party Advisory
Changed	Reference Type	http://marc.info/?l=bugtraq&m=112605112027335&w=2 No Types Assigned	http://marc.info/?l=bugtraq&m=112605112027335&w=2 Third Party Advisory
Changed	Reference Type	http://secunia.com/advisories/16431 No Types Assigned	http://secunia.com/advisories/16431 Broken Link
Changed	Reference Type	http://secunia.com/advisories/16432 No Types Assigned	http://secunia.com/advisories/16432 Broken Link
Changed	Reference Type	http://secunia.com/advisories/16441 No Types Assigned	http://secunia.com/advisories/16441 Broken Link
Changed	Reference Type	http://secunia.com/advisories/16460 No Types Assigned	http://secunia.com/advisories/16460 Broken Link
Changed	Reference Type	http://secunia.com/advisories/16465 No Types Assigned	http://secunia.com/advisories/16465 Broken Link
Changed	Reference Type	http://secunia.com/advisories/16468 No Types Assigned	http://secunia.com/advisories/16468 Broken Link
Changed	Reference Type	http://secunia.com/advisories/16469 No Types Assigned	http://secunia.com/advisories/16469 Broken Link
Changed	Reference Type	http://secunia.com/advisories/16491 No Types Assigned	http://secunia.com/advisories/16491 Broken Link
Changed	Reference Type	http://secunia.com/advisories/16550 No Types Assigned	http://secunia.com/advisories/16550 Broken Link
Changed	Reference Type	http://secunia.com/advisories/16558 No Types Assigned	http://secunia.com/advisories/16558 Broken Link
Changed	Reference Type	http://secunia.com/advisories/16563 No Types Assigned	http://secunia.com/advisories/16563 Broken Link
Changed	Reference Type	http://secunia.com/advisories/16619 No Types Assigned	http://secunia.com/advisories/16619 Broken Link
Changed	Reference Type	http://secunia.com/advisories/16635 No Types Assigned	http://secunia.com/advisories/16635 Broken Link
Changed	Reference Type	http://secunia.com/advisories/16693 No Types Assigned	http://secunia.com/advisories/16693 Broken Link
Changed	Reference Type	http://secunia.com/advisories/16976 No Types Assigned	http://secunia.com/advisories/16976 Broken Link
Changed	Reference Type	http://secunia.com/advisories/17053 No Types Assigned	http://secunia.com/advisories/17053 Broken Link
Changed	Reference Type	http://secunia.com/advisories/17066 No Types Assigned	http://secunia.com/advisories/17066 Broken Link
Changed	Reference Type	http://secunia.com/advisories/17440 No Types Assigned	http://secunia.com/advisories/17440 Broken Link
Changed	Reference Type	http://www.debian.org/security/2005/dsa-789 No Types Assigned	http://www.debian.org/security/2005/dsa-789 Mailing List, Third Party Advisory
Changed	Reference Type	http://www.debian.org/security/2005/dsa-798 No Types Assigned	http://www.debian.org/security/2005/dsa-798 Mailing List, Third Party Advisory
Changed	Reference Type	http://www.debian.org/security/2005/dsa-840 No Types Assigned	http://www.debian.org/security/2005/dsa-840 Mailing List
Changed	Reference Type	http://www.debian.org/security/2005/dsa-842 No Types Assigned	http://www.debian.org/security/2005/dsa-842 Mailing List, Third Party Advisory
Changed	Reference Type	http://www.fedoralegacy.org/updates/FC2/2005-11-28-FLSA_2005_166943__Updated_php_packages_fix_security_issues.html No Types Assigned	http://www.fedoralegacy.org/updates/FC2/2005-11-28-FLSA_2005_166943__Updated_php_packages_fix_security_issues.html Broken Link
Changed	Reference Type	http://www.gentoo.org/security/en/glsa/glsa-200509-19.xml No Types Assigned	http://www.gentoo.org/security/en/glsa/glsa-200509-19.xml Third Party Advisory
Changed	Reference Type	http://www.hardened-php.net/advisory_152005.67.html Patch, Vendor Advisory	http://www.hardened-php.net/advisory_152005.67.html Not Applicable, Patch, Vendor Advisory
Changed	Reference Type	http://www.novell.com/linux/security/advisories/2005_49_php.html No Types Assigned	http://www.novell.com/linux/security/advisories/2005_49_php.html Broken Link
Changed	Reference Type	http://www.redhat.com/support/errata/RHSA-2005-748.html No Types Assigned	http://www.redhat.com/support/errata/RHSA-2005-748.html Broken Link
Changed	Reference Type	http://www.securityfocus.com/archive/1/408125 No Types Assigned	http://www.securityfocus.com/archive/1/408125 Broken Link, Third Party Advisory, VDB Entry
Changed	Reference Type	http://www.securityfocus.com/bid/14560 No Types Assigned	http://www.securityfocus.com/bid/14560 Broken Link, Third Party Advisory, VDB Entry
Changed	Reference Type	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9569 No Types Assigned	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9569 Broken Link

Quick Info

CVE Dictionary Entry:
CVE-2005-2498
NVD Published Date:
08/15/2005
NVD Last Modified:
04/02/2025
Source:
Red Hat, Inc.

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

CVE-2005-2498 Detail

Description

Metrics

References to Advisories, Solutions, and Tools

Weakness Enumeration

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Change History

CVE Modified by CVE 11/20/2024 6:59:41 PM

CVE Modified by Red Hat, Inc. 5/13/2024 9:31:10 PM

Modified Analysis by NIST 2/14/2024 10:47:32 AM

CVE Modified by Red Hat, Inc. 10/10/2017 9:30:17 PM

CVE Modified by Red Hat, Inc. 10/17/2016 11:27:59 PM

Initial CVE Analysis 8/15/2005 11:55:00 PM

Quick Info