Description
Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands.
Remediation
References
Related Vulnerabilities
Envoy Proxy Use of Incorrectly-Resolved Name or Reference Vulnerability (CVE-2019-9901)
MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-8624)
Drupal Core 7.x Security Bypass (7.0 - 7.87)
TYPO3 Deserialization of Untrusted Data Vulnerability (CVE-2020-11067)
WordPress Plugin WP-Members Membership Cross-Site Scripting (3.1.7)