CVE-2001-1246
First published: Sat Jun 30 2001(Updated: )
PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PHP PHP | =4.0.5 | |
| PHP PHP | >=4.0.5<=4.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.iss.net/security_center/static/6787.php
- http://www.php.net/do_download.php?download_file=php-4.1.2.tar.gz
- http://online.securityfocus.com/archive/1/194425
- http://www.redhat.com/support/errata/RHSA-2002-102.html
- http://www.redhat.com/support/errata/RHSA-2002-129.html
- http://www.redhat.com/support/errata/RHSA-2003-159.html
- http://www.securityfocus.com/bid/2954
- collector/nvd-historical
- collector/nvd-index
- agent/first-publish-date
- agent/type
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/remedy
- agent/severity
- agent/weakness
- agent/author
- agent/references
- agent/softwarecombine
- agent/description
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/php
- canonical/php php
- version/php php/4.0.5
- version/php php/4.1.0