phpRPC decode function command execution

Added: 03/13/2006
CVE: CVE-2006-1032
BID: 16833
OSVDB: 23514


phpRPC is an xmlrpc library written in PHP supporting most databases.


A vulnerability in the decode function allows a remote attacker to execute arbitrary PHP commands placed inside a <base64> tag.


phpRPC is no longer maintained by the author, so no fix is available. If phpRPC is installed as part of another product, contact the vendor of that product for a fix. Otherwise, remove phpRPC from the server.


Back to exploit index