XML-RPC for PHP PHP Code Execution Vulnerability

Secunia Advisory: SA15852
Solution Status: Vendor Patch
Software: XML-RPC for PHP 1.x
Description:
James Bercegay has reported a vulnerability in XML-RPC for PHP, which can be exploited by malicious people to compromise a vulnerable system.
Input passed in an XML document is not properly sanitised before being used in an "eval()" call. This can be exploited to inject arbitrary PHP code via a specially crafted XML document.
The vulnerability has been reported in version 1.1 and prior.
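The pattern described above, as an added illustration in PHP (not code from XML-RPC for PHP or from this advisory): a decoder that rebuilds values with eval() beside one that converts by declared type. The function names and the sample document are constructed for this example, and PHP 7 or later is assumed.

```php
<?php
// Added illustration; NOT code from XML-RPC for PHP. All names are hypothetical.

// Constructed sample: an XML-RPC-style value whose text contains a quote.
$xml = '<value><string>O\'Brien</string></value>';

// Unsafe pattern: rebuild a PHP literal from document text and eval() it.
// A quote in the input ends the literal, so the remainder of the text is
// handed to the PHP parser as code instead of being kept as data.
function decode_with_eval(SimpleXMLElement $value) {
    $text = (string) $value->string;
    try {
        return eval("return '" . $text . "';");
    } catch (ParseError $e) { // PHP 7+: eval() throws on a syntax error
        return 'input reached the PHP parser: ' . $e->getMessage();
    }
}

// Hardened pattern: convert by declared type; document text is never parsed.
function decode_typed(SimpleXMLElement $value) {
    foreach ($value->children() as $node) {
        $text = (string) $node;
        switch ($node->getName()) {
            case 'string':
                return $text;
            case 'int':
            case 'i4':
                if (!preg_match('/^[+-]?\d+$/', $text)) {
                    throw new InvalidArgumentException('invalid int value');
                }
                return (int) $text;
            case 'boolean':
                if ($text !== '0' && $text !== '1') {
                    throw new InvalidArgumentException('invalid boolean value');
                }
                return $text === '1';
            default:
                throw new InvalidArgumentException('unsupported type');
        }
    }
    return (string) $value; // an untyped <value> is a string in XML-RPC
}

$value = simplexml_load_string($xml);
echo decode_with_eval($value), PHP_EOL; // reports that the parser saw the input
echo decode_typed($value), PHP_EOL;     // prints the text unchanged
```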
Solution:
Update to version 1.1.1.
Provided and/or discovered by:
James Bercegay, GulfTech Security Research.
2005-06-30: New version released. Updated "Solution" section.
2005-07-01: James Bercegay released advisory. Updated "Description" section.
Please note: The information, which this Secunia Advisory is based upon, comes from third party unless stated otherwise.
Found: 1 Related Secunia Security Advisories
- XML-RPC for PHP Nested XML Tags PHP Code Execution