Description

PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.

Remediation

References

CVE-2001-1246

Related Vulnerabilities

WordPress Plugin MW Font Changer Cross-Site Scripting (4.2.5)

MySQL CVE-2016-0665 Vulnerability (CVE-2016-0665)

WordPress Plugin Yoast SEO Security Bypass (1.4.6)

Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-7919)

Squid Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-12528)

Severity

High

Classification

CVE-2001-1246 CWE-707

Tags

Missing Update Known Vulnerabilities