CVE-2001-1246

PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.

Published Bycve@mitre.org

Published DateJun 30, 2001, 04:00

Weakness Type (CWE):CWE-88

CVSS Metrics

Base Score

7.5

Vector String

AV:N/AC:L/Au:N/C:P/I:P/A:P

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

PARTIAL

Integrity (I)

PARTIAL

Availability (A)

PARTIAL

References

http://online.securityfocus.com/archive/1/194425
http://www.iss.net/security_center/static/6787.php
http://www.php.net/do_download.php?download_file=php-4.1.2.tar.gz
http://www.redhat.com/support/errata/RHSA-2002-102.html
http://www.redhat.com/support/errata/RHSA-2002-129.html
http://www.redhat.com/support/errata/RHSA-2003-159.html
http://www.securityfocus.com/bid/2954

Weakness Type (CWE):CWE-88

CVSS Metrics

Base Score

7.5

Vector String

AV:N/AC:L/Au:N/C:P/I:P/A:P

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

PARTIAL

Integrity (I)

PARTIAL

Availability (A)

PARTIAL