CVE-2001-1246

PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.
Configurations

Configuration 1 (hide)

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

History

20 Nov 2024, 23:37

Type Values Removed Values Added
References () http://online.securityfocus.com/archive/1/194425 - Broken Link, Third Party Advisory, VDB Entry () http://online.securityfocus.com/archive/1/194425 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.iss.net/security_center/static/6787.php - Broken Link, Patch, Vendor Advisory () http://www.iss.net/security_center/static/6787.php - Broken Link, Patch, Vendor Advisory
References () http://www.php.net/do_download.php?download_file=php-4.1.2.tar.gz - Broken Link () http://www.php.net/do_download.php?download_file=php-4.1.2.tar.gz - Broken Link
References () http://www.redhat.com/support/errata/RHSA-2002-102.html - Broken Link () http://www.redhat.com/support/errata/RHSA-2002-102.html - Broken Link
References () http://www.redhat.com/support/errata/RHSA-2002-129.html - Broken Link () http://www.redhat.com/support/errata/RHSA-2002-129.html - Broken Link
References () http://www.redhat.com/support/errata/RHSA-2003-159.html - Broken Link () http://www.redhat.com/support/errata/RHSA-2003-159.html - Broken Link
References () http://www.securityfocus.com/bid/2954 - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/2954 - Broken Link, Third Party Advisory, VDB Entry

14 Feb 2024, 15:17

Type Values Removed Values Added
CWE NVD-CWE-Other CWE-88
CPE cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:* cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
References (XF) http://www.iss.net/security_center/static/6787.php - Patch, Vendor Advisory (XF) http://www.iss.net/security_center/static/6787.php - Broken Link, Patch, Vendor Advisory
References (REDHAT) http://www.redhat.com/support/errata/RHSA-2002-102.html - (REDHAT) http://www.redhat.com/support/errata/RHSA-2002-102.html - Broken Link
References (REDHAT) http://www.redhat.com/support/errata/RHSA-2003-159.html - (REDHAT) http://www.redhat.com/support/errata/RHSA-2003-159.html - Broken Link
References (BID) http://www.securityfocus.com/bid/2954 - (BID) http://www.securityfocus.com/bid/2954 - Broken Link, Third Party Advisory, VDB Entry
References (CONFIRM) http://www.php.net/do_download.php?download_file=php-4.1.2.tar.gz - (CONFIRM) http://www.php.net/do_download.php?download_file=php-4.1.2.tar.gz - Broken Link
References (BUGTRAQ) http://online.securityfocus.com/archive/1/194425 - (BUGTRAQ) http://online.securityfocus.com/archive/1/194425 - Broken Link, Third Party Advisory, VDB Entry
References (REDHAT) http://www.redhat.com/support/errata/RHSA-2002-129.html - (REDHAT) http://www.redhat.com/support/errata/RHSA-2002-129.html - Broken Link

Information

Published : 2001-06-30 04:00

Updated : 2024-11-20 23:37


NVD link : CVE-2001-1246

Mitre link : CVE-2001-1246

CVE.ORG link : CVE-2001-1246


JSON object : View

Products Affected

php

  • php
CWE
CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')