CVE-2005-2498 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2005-2498 Interim 1 5 2024-09-16T02:40:09Z current 2021-05-30T12:33:12Z 2024-09-16T02:40:09Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2005-2498 Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YGNWX7FFPGHZOZ3MKK7X7VWUUE26EON2/#YGNWX7FFPGHZOZ3MKK7X7VWUUE26EON2 E-Mail link for SUSE-SA:2005:049 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SYCF5SGLMEYS464XNB4XWFFNLGTIM6GU/#SYCF5SGLMEYS464XNB4XWFFNLGTIM6GU E-Mail link for SUSE-SA:2005:051 https://www.suse.com/support/security/rating/ SUSE Security Ratings Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921. CVE-2005-2498 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P