Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands.
References
Configurations
History
20 Nov 2024, 23:40
Type | Values Removed | Values Added |
---|---|---|
References | () ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-008.0.txt - Broken Link | |
References | () http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000545 - Broken Link | |
References | () http://marc.info/?l=bugtraq&m=103011916928204&w=2 - Third Party Advisory | |
References | () http://marc.info/?l=bugtraq&m=105760591228031&w=2 - Third Party Advisory | |
References | () http://www.debian.org/security/2002/dsa-168 - Broken Link, Patch, Vendor Advisory | |
References | () http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:082 - Broken Link | |
References | () http://www.novell.com/linux/security/advisories/2002_036_modphp4.html - Broken Link | |
References | () http://www.osvdb.org/2111 - Broken Link | |
References | () http://www.redhat.com/support/errata/RHSA-2002-213.html - Broken Link, Patch, Vendor Advisory | |
References | () http://www.redhat.com/support/errata/RHSA-2002-214.html - Broken Link | |
References | () http://www.redhat.com/support/errata/RHSA-2002-243.html - Broken Link | |
References | () http://www.redhat.com/support/errata/RHSA-2002-244.html - Broken Link | |
References | () http://www.redhat.com/support/errata/RHSA-2002-248.html - Broken Link | |
References | () http://www.redhat.com/support/errata/RHSA-2003-159.html - Broken Link | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/9966 - Third Party Advisory, VDB Entry |
13 Feb 2024, 18:00
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:php:php:4.0.3:patch1:*:*:*:*:*:* cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:* cpe:2.3:a:php:php:3.0.18:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.0:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.0.1:patch1:*:*:*:*:*:* cpe:2.3:a:php:php:4.0.1:patch2:*:*:*:*:*:* |
cpe:2.3:a:openpkg:openpkg:1.1:*:*:*:*:*:*:* cpe:2.3:a:php:php:*:*:*:*:*:*:*:* cpe:2.3:a:openpkg:openpkg:1.2:*:*:*:*:*:*:* |
References | (DEBIAN) http://www.debian.org/security/2002/dsa-168 - Broken Link, Patch, Vendor Advisory | |
References | (CALDERA) ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-008.0.txt - Broken Link | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2002-248.html - Broken Link | |
References | (CONECTIVA) http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000545 - Broken Link | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2002-243.html - Broken Link | |
References | (MANDRAKE) http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:082 - Broken Link | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2003-159.html - Broken Link | |
References | (OSVDB) http://www.osvdb.org/2111 - Broken Link | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2002-214.html - Broken Link | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2002-244.html - Broken Link | |
References | (SUSE) http://www.novell.com/linux/security/advisories/2002_036_modphp4.html - Broken Link | |
References | (BUGTRAQ) http://marc.info/?l=bugtraq&m=103011916928204&w=2 - Third Party Advisory | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/9966 - Third Party Advisory, VDB Entry | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2002-213.html - Broken Link, Patch, Vendor Advisory | |
References | (BUGTRAQ) http://marc.info/?l=bugtraq&m=105760591228031&w=2 - Third Party Advisory | |
CWE | CWE-88 | |
First Time |
Openpkg openpkg
Openpkg |
Information
Published : 2002-09-24 04:00
Updated : 2024-11-20 23:40
NVD link : CVE-2002-0985
Mitre link : CVE-2002-0985
CVE.ORG link : CVE-2002-0985
JSON object : View
Products Affected
php
- php
openpkg
- openpkg
CWE
CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')