hao/websafe-kb
1
0
派生 0
代码 工单 合并请求 1 工作流 软件包 项目 发布 百科 活动
文件
df455d7fb554c693cc4ff853ff46b7b8a75fd748
websafe-kb/08-threat-intel/registry/advisories/drupal--CVE-2005-1921.json

115 行
4.5 KiB
JSON
原始文件 Blame 文件历史

{
"canonical_id": "drupal--CVE-2005-1921",
"system_id": "drupal",
"display_name": "Drupal",
"category": "cms",
"advisory_mode": "core",
"title": "CVE-2005-1921",
"summary": "Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.",
"published_at": "2005-07-05T04:00:00.000",
"updated_at": "2025-04-03T01:03:51.193",
"severity": "high",
"cvss_score": 7.5,
"exploit_status": "unknown",
"source_confidence": "official",
"official_source_url": "http://marc.info/?l=bugtraq&m=112008638320145&w=2",
"secondary_source_urls": [
"http://marc.info/?l=bugtraq&m=112015336720867&w=2",
"http://marc.info/?l=bugtraq&m=112605112027335&w=2",
"http://pear.php.net/package/XML_RPC/download/1.3.1",
"http://secunia.com/advisories/15810",
"http://secunia.com/advisories/15852",
"http://secunia.com/advisories/15855",
"http://secunia.com/advisories/15861",
"http://secunia.com/advisories/15872",
"http://secunia.com/advisories/15883",
"http://secunia.com/advisories/15884",
"http://secunia.com/advisories/15895",
"http://secunia.com/advisories/15903",
"http://secunia.com/advisories/15904",
"http://secunia.com/advisories/15916",
"http://secunia.com/advisories/15917",
"http://secunia.com/advisories/15922",
"http://secunia.com/advisories/15944",
"http://secunia.com/advisories/15947",
"http://secunia.com/advisories/15957",
"http://secunia.com/advisories/16001",
"http://secunia.com/advisories/16339",
"http://secunia.com/advisories/16693",
"http://secunia.com/advisories/17440",
"http://secunia.com/advisories/17674",
"http://secunia.com/advisories/18003",
"http://security.gentoo.org/glsa/glsa-200507-01.xml",
"http://security.gentoo.org/glsa/glsa-200507-06.xml",
"http://security.gentoo.org/glsa/glsa-200507-07.xml",
"http://securitytracker.com/id?1015336",
"http://sourceforge.net/project/showfiles.php?group_id=87163",
"http://sourceforge.net/project/shownotes.php?release_id=338803",
"http://www.ampache.org/announce/3_3_1_2.php",
"http://www.debian.org/security/2005/dsa-745",
"http://www.debian.org/security/2005/dsa-746",
"http://www.debian.org/security/2005/dsa-747",
"http://www.debian.org/security/2005/dsa-789",
"http://www.drupal.org/security/drupal-sa-2005-003/advisory.txt",
"http://www.gulftech.org/?node=research&article_id=00087-07012005",
"http://www.hardened-php.net/advisory-022005.php",
"http://www.mandriva.com/security/advisories?name=MDKSA-2005:109",
"http://www.novell.com/linux/security/advisories/2005_18_sr.html",
"http://www.novell.com/linux/security/advisories/2005_41_php_pear.html",
"http://www.novell.com/linux/security/advisories/2005_49_php.html",
"http://www.redhat.com/support/errata/RHSA-2005-564.html",
"http://www.securityfocus.com/archive/1/419064/100/0/threaded",
"http://www.securityfocus.com/bid/14088",
"http://www.vupen.com/english/advisories/2005/2827",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11294",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A350"
],
"aliases": [
"CVE-2005-1921"
],
"cve_ids": [
"CVE-2005-1921"
],
"ghsa_ids": [],
"osv_ids": [],
"affected_versions": [],
"fixed_versions": [],
"package_name": null,
"render_markdown": false,
"case_path": null,
"secure_code_topics": [
"authz-server-side-recheck",
"xss-output-encoding",
"file-upload-validation",
"plugin-extension-trust-policy"
],
"status": "triage",
"triage_reasons": [
"missing affected/fixed version details"
],
"verification_status": "triage-manual",
"verification_mode": "synthetic",
"last_verified_at": null,
"last_run_id": null,
"evidence_bundle": null,
"historical_status": null,
"latest_status": null,
"browser_evidence": {
"required": false,
"present": false,
"refs": []
},
"repro_profile_id": "xss-generic",
"artifact_mode": "official-image",
"blocked_reason": null,
"metadata": {
"source_names": [
"NVD Drupal"
],
"source_kinds": [
"nvd-search"
],
"candidate_count": 1
}
}
在新工单中引用 查看 Git Blame 复制永久链接