Eval injection vulnerability in the decode function in rpc_decoder.php for phpRPC 0.7 and earlier, as used by runcms, exoops, and possibly other programs, allows remote attackers to execute arbitrary PHP code via the base64 tag.
http://www.vupen.com/english/advisories/2006/0745
http://www.securityfocus.com/bid/16833
http://www.securityfocus.com/archive/1/426193
http://www.gulftech.org/?node=research&article_id=00105-02262006
http://securitytracker.com/id?1015691
http://securityreason.com/securityalert/502