Description

Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands.

Remediation

References

CVE-2002-0985

Related Vulnerabilities

WordPress Plugin SEO Backdoor (5.0)

MySQL CVE-2014-6520 Vulnerability (CVE-2014-6520)

WordPress Plugin Tera Charts Multiple Local File Inclusion Vulnerabilities (0.1)

Rukovoditel Cross-site Scripting (XSS) Vulnerability (CVE-2019-7541)

phpMyFAQ Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-6046)

Severity

High

Classification

CVE-2002-0985 CWE-707

Tags

Missing Update Known Vulnerabilities