XML-RPC for PHP PHP Code Execution Vulnerability

Secunia Advisory: SA15852
Release Date: 2005-06-29
Last Update: 2005-07-01

Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch

Software: XML-RPC for PHP 1.x


Description:
James Bercegay has reported a vulnerability in XML-RPC for PHP, which can be exploited by malicious people to compromise a vulnerable system.

Input passed in an XML document is not properly sanitised before being used in an "eval()" call. This can be exploited to inject arbitrary PHP code via a specially crafted XML document.

The vulnerability has been reported in version 1.1 and prior.

Solution:
Update to version 1.1.1.
http://sourceforge.net/project/showfiles.php?group_id=34455

Provided and/or discovered by:
James Bercegay, GulfTech Security Research.

Changelog:
2005-06-30: New version released. Updated "Solution" section.
2005-07-01: James Bercegay released advisory. Updated "Description" section.

Original Advisory:
PostNuke:
http://news.postnuke.com/modules...ws&file=article&sid=2699

James Bercegay:
http://www.gulftech.org/?node=research&article_id=00088-07022005


Please note: The information, which this Secunia Advisory is based upon, comes from third party unless stated otherwise.

Found: 1 Related Secunia Security Advisories

- XML-RPC for PHP Nested XML Tags PHP Code Execution

