CVE-2001-1246 — Vulnetix

CVE-2001-1246 PUBLISHED

Reported by mitre · Published June 25, 2002

PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
n/a	n/a	n/a, n/a, n/a

Timeline

Jun 30, 2001 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Sep 4, 2022 EPSS Score
Oct 27, 2022 EPSS Score
Feb 9, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 3, 2023 EPSS Score
Jul 17, 2023 EPSS Score
Sep 8, 2023 EPSS Score
Oct 31, 2023 EPSS Score

References

RHSA-2003:159 vendor-advisoryx_refsource_REDHAT
RHSA-2002:129 vendor-advisoryx_refsource_REDHAT
php-safemode-elevate-privileges(6787) vdb-entryx_refsource_XF
2954 vdb-entryx_refsource_BID
20010630 php breaks safe mode mailing-listx_refsource_BUGTRAQ
RHSA-2002:102 vendor-advisoryx_refsource_REDHAT
x_refsource_CONFIRM

Open in Interactive Console →