CVE-2005-1921

Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.

Published: 2005-07-05 Last update: 2026-04-16 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2005-1921 is rated High Exploit Risk (74.8/100): CVSS High severity, with high exploitation likelihood (EPSS 79.07%, 100th percentile). Core evidence: 5 public exploit reference(s) are indexed (Exploit-DB). Mandatory action: Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Public exploit references (Exploit-DB) for CVE-2005-1921

| EDB-ID | Source | Kind | Published |
|---|---|---|---|
| 43829 | exploit_db | edb | 2015-07-02 |
| 16882 | exploit_db | edb | 2010-07-25 |
| 1084 | exploit_db | edb | 2005-07-04 |
| 1083 | exploit_db | edb | 2005-07-04 |
| 1078 | exploit_db | edb | 2005-07-01 |

Exploit prediction scoring system (EPSS) score for CVE-2005-1921

The daily EPSS score estimates the relative likelihood of exploitation; the percentile ranks this CVE among all scored vulnerabilities (higher = higher relative rank).

| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 86.15% | 79.07% | -7.08% |
| 2 | 2025-10-27 | 86.90% | 86.15% | -0.74% |
| 3 | 2025-03-29 | | 86.90% | |

Full EPSS history (9 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2005-1921

CVSS metrics for this CVE.

| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 7.5 | 2.0 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | [email protected] |

Vector breakdown:

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:L): Exploitation conditions are straightforward and predictable.
Authentication (Au:N): No authentication is required.
Confidentiality impact (C:P): Partial confidentiality impact.
Integrity impact (I:P): Partial integrity impact.
Availability impact (A:P): Partial availability impact.

Weakness enumeration for CVE-2005-1921

OS Trackers for CVE-2005-1921

| Vendor | Priority | Summary | Link |
|---|---|---|---|
| redhat | high | | https://access.redhat.com/security/cve/CVE-2005-1921 |
| ubuntu | medium | CVE-2005-1921 medium priority: Ubuntu including 4 source packages (egroupware, php4, php5, phpwiki), 16 status rows across 4 suites (dapper, edgy, feisty, upstream): released 6, not-affected 5, needs-triage 4, DNE 1. | https://ubuntu.com/security/CVE-2005-1921 |

Affected software / configurations for CVE-2005-1921

| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| php | xml_rpc | <= 1.3.0 | cpe:2.3:a:php:xml_rpc:*:*:*:*:*:pear:*:* |
| gggeek | phpxmlrpc | <= 1.1 | cpe:2.3:a:gggeek:phpxmlrpc:*:*:*:*:*:*:*:* |
| drupal | drupal | < 4.5.4 | cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* |
| drupal | drupal | >= 4.6.0, < 4.6.2 | cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* |
| tiki | tikiwiki_cms\/groupware | < 1.8.5 | cpe:2.3:a:tiki:tikiwiki_cms\/groupware:*:*:*:*:*:*:*:* |
| debian | debian_linux | 3.1 | cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:* |

References for CVE-2005-1921

URL Tags
http://marc.info/?l=bugtraq&m=112008638320145&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=112015336720867&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=112605112027335&w=2 Third Party Advisory
http://pear.php.net/package/XML_RPC/download/1.3.1 Patch Product
http://secunia.com/advisories/15810 Broken Link
http://secunia.com/advisories/15852 Broken Link
http://secunia.com/advisories/15855 Broken Link
http://secunia.com/advisories/15861 Broken Link
http://secunia.com/advisories/15872 Broken Link
http://secunia.com/advisories/15883 Broken Link
http://secunia.com/advisories/15884 Broken Link
http://secunia.com/advisories/15895 Broken Link
http://secunia.com/advisories/15903 Broken Link
http://secunia.com/advisories/15904 Broken Link
http://secunia.com/advisories/15916 Broken Link
http://secunia.com/advisories/15917 Broken Link
http://secunia.com/advisories/15922 Broken Link
http://secunia.com/advisories/15944 Broken Link
http://secunia.com/advisories/15947 Broken Link
http://secunia.com/advisories/15957 Broken Link
http://secunia.com/advisories/16001 Broken Link
http://secunia.com/advisories/16339 Broken Link
http://secunia.com/advisories/16693 Broken Link
http://secunia.com/advisories/17440 Broken Link
http://secunia.com/advisories/17674 Broken Link
http://secunia.com/advisories/18003 Broken Link
http://security.gentoo.org/glsa/glsa-200507-01.xml Third Party Advisory
http://security.gentoo.org/glsa/glsa-200507-06.xml Third Party Advisory
http://security.gentoo.org/glsa/glsa-200507-07.xml Third Party Advisory
http://securitytracker.com/id?1015336 Broken Link Third Party Advisory VDB Entry
http://sourceforge.net/project/showfiles.php?group_id=87163 Product
http://sourceforge.net/project/shownotes.php?release_id=338803 Broken Link
http://www.ampache.org/announce/3_3_1_2.php Broken Link
http://www.debian.org/security/2005/dsa-745 Mailing List Third Party Advisory
http://www.debian.org/security/2005/dsa-746 Mailing List Third Party Advisory
http://www.debian.org/security/2005/dsa-747 Mailing List Third Party Advisory
http://www.debian.org/security/2005/dsa-789 Mailing List Third Party Advisory
http://www.drupal.org/security/drupal-sa-2005-003/advisory.txt Third Party Advisory
http://www.gulftech.org/?node=research&article_id=00087-07012005 Not Applicable Vendor Advisory
http://www.hardened-php.net/advisory-022005.php Not Applicable
http://www.mandriva.com/security/advisories?name=MDKSA-2005:109 Patch Third Party Advisory Vendor Advisory
http://www.novell.com/linux/security/advisories/2005_18_sr.html Broken Link
http://www.novell.com/linux/security/advisories/2005_41_php_pear.html Broken Link
http://www.novell.com/linux/security/advisories/2005_49_php.html Broken Link
http://www.redhat.com/support/errata/RHSA-2005-564.html Broken Link
http://www.securityfocus.com/archive/1/419064/100/0/threaded Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/14088 Broken Link Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2005/2827 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11294 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A350 Broken Link