Description

PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.

Remediation

References

CVE-2001-1246

Related Vulnerabilities

Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-5508)

WordPress Plugin Royal Gallery Cross-Site Scripting (2.0)

Oracle JRE CVE-2012-5079 Vulnerability (CVE-2012-5079)

MySQL CVE-2018-2758 Vulnerability (CVE-2018-2758)

MySQL CVE-2015-4910 Vulnerability (CVE-2015-4910)

Severity

High

Classification

CVE-2001-1246

Tags

Missing Update Known Vulnerabilities