更新: 2423 个文件 - 2026-03-18 14:23:01
这个提交包含在:
hao
@@ -0,0 +1,114 @@
|
||||
{
|
||||
"canonical_id": "drupal--CVE-2005-1921",
|
||||
"system_id": "drupal",
|
||||
"display_name": "Drupal",
|
||||
"category": "cms",
|
||||
"advisory_mode": "core",
|
||||
"title": "CVE-2005-1921",
|
||||
"summary": "Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.",
|
||||
"published_at": "2005-07-05T04:00:00.000",
|
||||
"updated_at": "2025-04-03T01:03:51.193",
|
||||
"severity": "high",
|
||||
"cvss_score": 7.5,
|
||||
"exploit_status": "unknown",
|
||||
"source_confidence": "official",
|
||||
"official_source_url": "http://marc.info/?l=bugtraq&m=112008638320145&w=2",
|
||||
"secondary_source_urls": [
|
||||
"http://marc.info/?l=bugtraq&m=112015336720867&w=2",
|
||||
"http://marc.info/?l=bugtraq&m=112605112027335&w=2",
|
||||
"http://pear.php.net/package/XML_RPC/download/1.3.1",
|
||||
"http://secunia.com/advisories/15810",
|
||||
"http://secunia.com/advisories/15852",
|
||||
"http://secunia.com/advisories/15855",
|
||||
"http://secunia.com/advisories/15861",
|
||||
"http://secunia.com/advisories/15872",
|
||||
"http://secunia.com/advisories/15883",
|
||||
"http://secunia.com/advisories/15884",
|
||||
"http://secunia.com/advisories/15895",
|
||||
"http://secunia.com/advisories/15903",
|
||||
"http://secunia.com/advisories/15904",
|
||||
"http://secunia.com/advisories/15916",
|
||||
"http://secunia.com/advisories/15917",
|
||||
"http://secunia.com/advisories/15922",
|
||||
"http://secunia.com/advisories/15944",
|
||||
"http://secunia.com/advisories/15947",
|
||||
"http://secunia.com/advisories/15957",
|
||||
"http://secunia.com/advisories/16001",
|
||||
"http://secunia.com/advisories/16339",
|
||||
"http://secunia.com/advisories/16693",
|
||||
"http://secunia.com/advisories/17440",
|
||||
"http://secunia.com/advisories/17674",
|
||||
"http://secunia.com/advisories/18003",
|
||||
"http://security.gentoo.org/glsa/glsa-200507-01.xml",
|
||||
"http://security.gentoo.org/glsa/glsa-200507-06.xml",
|
||||
"http://security.gentoo.org/glsa/glsa-200507-07.xml",
|
||||
"http://securitytracker.com/id?1015336",
|
||||
"http://sourceforge.net/project/showfiles.php?group_id=87163",
|
||||
"http://sourceforge.net/project/shownotes.php?release_id=338803",
|
||||
"http://www.ampache.org/announce/3_3_1_2.php",
|
||||
"http://www.debian.org/security/2005/dsa-745",
|
||||
"http://www.debian.org/security/2005/dsa-746",
|
||||
"http://www.debian.org/security/2005/dsa-747",
|
||||
"http://www.debian.org/security/2005/dsa-789",
|
||||
"http://www.drupal.org/security/drupal-sa-2005-003/advisory.txt",
|
||||
"http://www.gulftech.org/?node=research&article_id=00087-07012005",
|
||||
"http://www.hardened-php.net/advisory-022005.php",
|
||||
"http://www.mandriva.com/security/advisories?name=MDKSA-2005:109",
|
||||
"http://www.novell.com/linux/security/advisories/2005_18_sr.html",
|
||||
"http://www.novell.com/linux/security/advisories/2005_41_php_pear.html",
|
||||
"http://www.novell.com/linux/security/advisories/2005_49_php.html",
|
||||
"http://www.redhat.com/support/errata/RHSA-2005-564.html",
|
||||
"http://www.securityfocus.com/archive/1/419064/100/0/threaded",
|
||||
"http://www.securityfocus.com/bid/14088",
|
||||
"http://www.vupen.com/english/advisories/2005/2827",
|
||||
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11294",
|
||||
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A350"
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2005-1921"
|
||||
],
|
||||
"cve_ids": [
|
||||
"CVE-2005-1921"
|
||||
],
|
||||
"ghsa_ids": [],
|
||||
"osv_ids": [],
|
||||
"affected_versions": [],
|
||||
"fixed_versions": [],
|
||||
"package_name": null,
|
||||
"render_markdown": false,
|
||||
"case_path": null,
|
||||
"secure_code_topics": [
|
||||
"authz-server-side-recheck",
|
||||
"xss-output-encoding",
|
||||
"file-upload-validation",
|
||||
"plugin-extension-trust-policy"
|
||||
],
|
||||
"status": "triage",
|
||||
"triage_reasons": [
|
||||
"missing affected/fixed version details"
|
||||
],
|
||||
"verification_status": "triage-manual",
|
||||
"verification_mode": "synthetic",
|
||||
"last_verified_at": null,
|
||||
"last_run_id": null,
|
||||
"evidence_bundle": null,
|
||||
"historical_status": null,
|
||||
"latest_status": null,
|
||||
"browser_evidence": {
|
||||
"required": false,
|
||||
"present": false,
|
||||
"refs": []
|
||||
},
|
||||
"repro_profile_id": "xss-generic",
|
||||
"artifact_mode": "official-image",
|
||||
"blocked_reason": null,
|
||||
"metadata": {
|
||||
"source_names": [
|
||||
"NVD Drupal"
|
||||
],
|
||||
"source_kinds": [
|
||||
"nvd-search"
|
||||
],
|
||||
"candidate_count": 1
|
||||
}
|
||||
}
|
||||
在新工单中引用
屏蔽一个用户