| VID |
21649 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
Drupal is vulnerable to arbitrary PHP code execution through its bundled XML-RPC library. Drupal is an open-source content management system written in PHP, and XML-RPC is an open-source library for PHP users. Drupal versions prior to 4.5.4 and 4.6.2 and PEAR XML-RPC versions prior to 1.3.1 contain a vulnerability in the XML-RPC library that a remote attacker could exploit to execute arbitrary PHP code on a target system.
* References:
  * http://secunia.com/advisories/15872/
  * http://www.securitytracker.com/alerts/2005/Jun/1014327.html
* Platforms Affected:
  * Drupal versions prior to 4.5.4
  * Drupal versions prior to 4.6.2
  * PEAR XML_RPC versions prior to 1.3.1
  * Any operating system, any version |
| Recommendation |
Upgrade to the latest version of Drupal (4.5.4 or 4.6.2 or later), available from the Drupal Web site at http://drupal.org/project/drupal |
| Related URL |
CVE-2005-1921 (CVE) |
| Related URL |
14088 (SecurityFocus) |
| Related URL |
21194 (ISS) |
|