phpRPC decode function command execution

Added: 03/13/2006
CVE: CVE-2006-1032
BID: 16833
OSVDB: 23514

Background

phpRPC is an xmlrpc library written in PHP supporting most databases.

Problem

A vulnerability in the decode function allows a remote attacker to execute arbitrary PHP commands placed inside a <base64> tag.

Resolution

phpRPC is no longer maintained by the author, so no fix is available. If phpRPC is installed as part of another product, contact the vendor of that product for a fix. Otherwise, remove phpRPC from the server.

References

http://archives.neohapsis.com/archives/bugtraq/2006-02/0507.html

Back to exploit index