CVE-2001-1246

PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.

Published : 2001-06-30 04:00 Updated : 2008-09-10 19:10

7.5
CVSS Score More info
Score 7.5 / 10
7.5
Vendor Product Version URI
Php Php 4.0.5 cpe:/a:php:php:4.0.5
  1. Php (1) Search CVE
    1. Php (1) Search CVE
      1. 4.0.5

CWE

There is no CWE for this CVE.

History of changes

Date Event
2001-06-30 04:00

New CVE