CVE-2005-1921

Name of the Vulnerable Software and Affected Versions PEAR XML RPC versions 1.3.0 and earlier PHPXMLRPC versions 1.1 and earlier

Description The issue allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement. This affects products such as WordPress, Serendipity, Drupal, egroupware, MailWatch, TikiWiki, phpWebSite, Ampache, and others.

Recommendations For PEAR XML RPC versions 1.3.0 and earlier, update to a version later than 1.3.0 to resolve the issue. For PHPXMLRPC versions 1.1 and earlier, update to a version later than 1.1 to resolve the issue. As a temporary workaround, consider disabling the use of XML files in the affected products until a patch is available. Restrict access to the eval statement in the affected PHP code to minimize the risk of exploitation.