CVE-2002-0985
PUBLISHED
CVSS 7.5 HIGH
Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands.
EPSS 1.23% · 79.5th percentile
Risk Scores
- CVSS v2.0: 7.5
- EPSS Score: 1.23% (79.5th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| php | php | 4.0 |
| n/a | n/a | n/a |
| openpkg | openpkg | 1.1, 1.2 |
Timeline
- Sep 24, 2002 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 17, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 1, 2023 EPSS Score
- May 24, 2023 EPSS Score
- Jul 15, 2023 EPSS Score
References
- 20030707 [OpenPKG-SA-2003.032] OpenPKG Security Advisory (php) mailing-list
- DSA-168 vendor-advisory
- php-mail-safemode-bypass(9966) vdb
- 20020823 PHP: Bypass safe_mode and inject ASCII control chars with mail() mailing-list
- RHSA-2002:243 vendor-advisory
- RHSA-2003:159 vendor-advisory
- MDKSA-2003:082 vendor-advisory
- CSSA-2003-008.0 vendor-advisory
- SuSE-SA:2002:036 vendor-advisory
- CLA-2002:545 vendor-advisory
- RHSA-2002:213 vendor-advisory
- RHSA-2002:248 vendor-advisory
- RHSA-2002:244 vendor-advisory
- 2111 vdb
- RHSA-2002:214 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2002-0985 advisory