3 matches found
CVE-2002-0985
CVE-2002-0985 : Argument injection vulnerability in PHP 4.x mail() up to 4.2.2 may bypass safe_mode and alter the MTA command-line arguments (e.g., the 5th argument), potentially changing MTA behavior and enabling command execution. OpenVAS and Debian advisories confirm the issue affects PHP4.x a...
PHP Mail Function Header Spoofing
The remote host is running a version of PHP prior or equal to 4.2.2. The mail function does not properly sanitize user input. This allows users to forge email to make it look like it is coming from a different source other than the server. Users can exploit this even if SAFEMODE is enabled...
CVE-2002-0985
Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA e.g. sendmail in the 5th argument to mail, altering MTA behavior and possibly executing commands...