CVE-2006-1032 - Remote Code Execution vulnerability in PHPrpc 0.7/0.8/0.9
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Eval injection vulnerability in the decode function in rpc_decoder.php for phpRPC 0.7 and earlier, as used by runcms, exoops, and possibly other programs, allows remote attackers to execute arbitrary PHP code via the base64 tag.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 3 |
Exploit-Db
description | phpRPC Library <= 0.7 XML Data Decoding Remote Code Execution. CVE-2006-1032. Webapps exploit for php platform |
id | EDB-ID:1542 |
last seen | 2016-01-31 |
modified | 2006-03-01 |
published | 2006-03-01 |
reporter | LorD |
source | https://www.exploit-db.com/download/1542/ |
title | phpRPC Library <= 0.7 XML Data Decoding Remote Code Execution |

description | phpRPC < 0.7 - Remote Code Execution. CVE-2006-1032. Webapps exploit for PHP platform |
id | EDB-ID:43836 |
last seen | 2018-01-24 |
modified | 2016-02-26 |
published | 2016-02-26 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/43836/ |
title | phpRPC < 0.7 - Remote Code Execution |
Nessus
NASL family | CGI abuses |
NASL id | RUNCMS_PHPRPC_CODE_INJECTION.NASL |
description | The remote host has installed on it the phpRPC library, an xmlrpc library written in PHP and bundled with applications such as RunCMS and exoops. The version of phpRPC on the remote host fails to sanitize user input to the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 20986 |
published | 2006-02-28 |
reporter | This script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/20986 |
title | phpRPC Library rpc_decoder.php decode() Function Arbitrary Code Execution |
Saint
bid | 16833 |
description | phpRPC decode function command execution |
id | web_prog_php_phprpc |
osvdb | 23514 |
title | phprpc_decode |
type | remote |
References
- http://secunia.com/advisories/19028
- http://secunia.com/advisories/19058
- http://securityreason.com/securityalert/502
- http://securitytracker.com/id?1015691
- http://www.gulftech.org/?node=research&article_id=00105-02262006
- http://www.securityfocus.com/archive/1/426193
- http://www.securityfocus.com/bid/16833
- http://www.vupen.com/english/advisories/2006/0745