PHP 4.x/5.0/5.1 with Sendmail Mail Function additional_parameters - Argument Arbitrary File Creation

2006-02-28T00:00:00
ID EDB-ID:27334
Type exploitdb
Reporter ced.clerget@free.fr
Modified 2006-02-28T00:00:00

Description

PHP 4.x/5.0/5.1 w/ Sendmail Mail Function additional_parameters Argument Arbitrary File Creation. CVE-2006-1015. Local exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/16878/info

PHP is prone to multiple input-validation vulnerabilities that could allow 'safe_mode' and 'open_basedir' security settings to be bypassed. These issues reside in the 'mb_send_mail()' function, the 'mail()' function, and various PHP IMAP functions.

$additional_param = "-C ".$file_to_read." -X ".getcwd()."/".$output_file;