Is CVE-2005-1921 actively exploited?

CVE-2005-1921 has no public evidence of in-the-wild exploitation as of 2025-04-03.

What is the CVSS score for CVE-2005-1921?

CVE-2005-1921 has a CVSS score of 7.5 (UNKNOWN severity). Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P.

How do I patch CVE-2005-1921?

Patch guidance is available from php security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2005-1921.

CVE-2005-1921 - remediation guidance & executive summary

Q: Which products are affected by CVE-2005-1921?

6 products: php xml rpc, gggeek phpxmlrpc, drupal drupal, drupal drupal, tiki tikiwiki cms\/groupware, and 1 more.

Description

Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.

CVSS Metrics

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Access Vector: network
Access Cmplx: low
Auth: none
Confidentiality: partial
Integrity: partial
Availability: partial
Weaknesses: CWE-94 · Code Injection

Metadata

Primary Vendor: PHP
Published: 7/5/2005
Last Modified: 4/3/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

php : xml_rpcgggeek : phpxmlrpcdrupal : drupaldrupal : drupaltiki : tikiwiki_cms\/groupwaredebian : debian_linux

Remediation Guidance

Executive Summary

View on NIST NVD