VID |
21882 |
Severity |
40 |
Port |
80, ... |
Protocol |
TCP |
Class |
CGI |
Detailed Description |
The phpRPC library contains a remote code execution vulnerability that is reachable through the 'server.php' script. phpRPC is an XML-RPC library written in PHP and bundled with applications such as RunCms and exoops. phpRPC version 0.9 and earlier versions could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the "decode()" function in the rpc_decoder.php script when it decodes received XML data. By sending a specially crafted XML request to the server.php script, a remote attacker could exploit this vulnerability to execute arbitrary code on the affected host.
* References:
  http://www.gulftech.org/?node=research&article_id=00105-02262006
  http://www.securityfocus.com/archive/1/426193/30/0/threaded
  http://secunia.com/advisories/19028/
  http://secunia.com/advisories/19058/
* Platforms Affected: SourceForge Project, phpRPC version 0.9 and earlier versions; any operating system, any version |
Recommendation |
Upgrade to the latest version of the phpRPC library from the phpRPC Web site at http://sourceforge.net/projects/phprpc/ |
Related URL |
CVE-2006-1032 (CVE) |
Related URL |
16833 (SecurityFocus) |
Related URL |
24967 (ISS) |
|