Description

Argument injection vulnerability in certain PHP 4.x and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mb_send_mail function, allows context-dependent attackers to read and create arbitrary files by providing extra -C and -X arguments to sendmail. NOTE: it could be argued that this is a class of technology-specific vulnerability, instead of a particular instance; if so, then this should not be included in CVE.

Remediation

References

CVE-2006-1014

Related Vulnerabilities

WordPress Improper Input Validation Vulnerability (CVE-2013-4339)

jQuery UI Autocomplete Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-5312)

WordPress Plugin Yandex Money button Cross-Site Scripting (2.3.3)

WordPress Plugin The Plus Addons for Elementor Security Bypass (4.1.10)

Atlassian Jira Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2021-26069)

Severity

Low

Classification

CVE-2006-1014

Tags

Missing Update Known Vulnerabilities