CVE-2005-1921

Publication date 5 July 2005

Last updated 17 July 2025

Ubuntu priority

Medium

Why this priority?

Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.

Status

Package Ubuntu Release Status
php4 7.04 feisty Not in release
6.10 edgy
Not affected
6.06 LTS dapper
Not affected
egroupware 7.04 feisty
Fixed 1.0.0.009.dfsg-3-4
6.10 edgy
Fixed 1.0.0.009.dfsg-3-4
6.06 LTS dapper
Fixed 1.0.0.009.dfsg-3-4
php5 7.04 feisty
Fixed 5.2.1-0ubuntu1.4
6.10 edgy
Fixed 5.1.6-1ubuntu2.6
6.06 LTS dapper
Fixed 5.1.2-1ubuntu3.9
phpwiki 7.04 feisty
Not affected
6.10 edgy
Not affected
6.06 LTS dapper
Not affected

References

Related Ubuntu Security Notices (USN)

    • USN-147-1
    • PHP XMLRPC vulnerability
    • 5 July 2005

Other references