CVE-2005-2498

N/A Unknown
Published: August 15, 2005
Modified: April 16, 2026

Description

Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921.

References to Advisories, Solutions, and Tools

http://marc.info/?l=bugtraq&m=112412415822890&w=2
Source: secalert@redhat.com
Third Party Advisory
http://marc.info/?l=bugtraq&m=112431497300344&w=2
Source: secalert@redhat.com
Third Party Advisory
http://marc.info/?l=bugtraq&m=112605112027335&w=2
Source: secalert@redhat.com
Third Party Advisory
http://secunia.com/advisories/16431
Source: secalert@redhat.com
Broken Link
http://secunia.com/advisories/16432
Source: secalert@redhat.com
Broken Link
http://secunia.com/advisories/16441
Source: secalert@redhat.com
Broken Link
http://secunia.com/advisories/16460
Source: secalert@redhat.com
Broken Link
http://secunia.com/advisories/16465
Source: secalert@redhat.com
Broken Link
http://secunia.com/advisories/16468
Source: secalert@redhat.com
Broken Link
http://secunia.com/advisories/16469
Source: secalert@redhat.com
Broken Link
http://secunia.com/advisories/16491
Source: secalert@redhat.com
Broken Link
http://secunia.com/advisories/16550
Source: secalert@redhat.com
Broken Link
http://secunia.com/advisories/16558
Source: secalert@redhat.com
Broken Link
http://secunia.com/advisories/16563
Source: secalert@redhat.com
Broken Link
http://secunia.com/advisories/16619
Source: secalert@redhat.com
Broken Link
http://secunia.com/advisories/16635
Source: secalert@redhat.com
Broken Link
http://secunia.com/advisories/16693
Source: secalert@redhat.com
Broken Link
http://secunia.com/advisories/16976
Source: secalert@redhat.com
Broken Link
http://secunia.com/advisories/17053
Source: secalert@redhat.com
Broken Link
http://secunia.com/advisories/17066
Source: secalert@redhat.com
Broken Link
http://secunia.com/advisories/17440
Source: secalert@redhat.com
Broken Link
http://www.debian.org/security/2005/dsa-789
Source: secalert@redhat.com
Mailing List Third Party Advisory
http://www.debian.org/security/2005/dsa-798
Source: secalert@redhat.com
Mailing List Third Party Advisory
http://www.debian.org/security/2005/dsa-840
Source: secalert@redhat.com
Mailing List
http://www.debian.org/security/2005/dsa-842
Source: secalert@redhat.com
Mailing List Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200509-19.xml
Source: secalert@redhat.com
Third Party Advisory
http://www.hardened-php.net/advisory_152005.67.html
Source: secalert@redhat.com
Not Applicable Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-748.html
Source: secalert@redhat.com
Broken Link
http://www.securityfocus.com/archive/1/408125
Source: secalert@redhat.com
Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/14560
Source: secalert@redhat.com
Broken Link Third Party Advisory VDB Entry
http://marc.info/?l=bugtraq&m=112412415822890&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://marc.info/?l=bugtraq&m=112431497300344&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://marc.info/?l=bugtraq&m=112605112027335&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/16431
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/16432
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/16441
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/16460
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/16465
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/16468
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/16469
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/16491
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/16550
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/16558
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/16563
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/16619
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/16635
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/16693
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/16976
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/17053
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/17066
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/17440
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.debian.org/security/2005/dsa-789
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://www.debian.org/security/2005/dsa-798
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://www.debian.org/security/2005/dsa-840
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://www.debian.org/security/2005/dsa-842
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200509-19.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.hardened-php.net/advisory_152005.67.html
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable Patch Vendor Advisory
http://www.novell.com/linux/security/advisories/2005_49_php.html
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.redhat.com/support/errata/RHSA-2005-748.html
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.securityfocus.com/archive/1/408125
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/14560
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory VDB Entry

66 reference(s) from NVD

Quick Stats

CVSS v3 Score: N/A / 10.0
EPSS (Exploit Probability): 4.7% (89th percentile)
Exploitation Status: Not in CISA KEV

Weaknesses (CWE)

Affected Vendors

debian gggeek