PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2002-06-25T04:00:00
Updated: 2024-08-08T04:51:08.236Z
Reserved: 2002-05-01T00:00:00
Link: CVE-2001-1246
Vulnrichment
No data.
NVD
Status : Modified
Published: 2001-06-30T04:00:00.000
Modified: 2024-11-20T23:37:14.460
Link: CVE-2001-1246
Redhat