CVE-2001-1246

PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://online.securityfocus.com/archive/1/194425	Broken Link Third Party Advisory VDB Entry
http://www.iss.net/security_center/static/6787.php	Broken Link Patch Vendor Advisory
http://www.php.net/do_download.php?download_file=php-4.1.2.tar.gz	Broken Link
http://www.redhat.com/support/errata/RHSA-2002-102.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2002-129.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2003-159.html	Broken Link
http://www.securityfocus.com/bid/2954	Broken Link Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2001-06-30 04:00

Updated : 2024-02-14 15:17

NVD link : CVE-2001-1246

Mitre link : CVE-2001-1246

CVE.ORG link : CVE-2001-1246

JSON object : View

Products Affected

php

php

CWE

CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

{"id": "CVE-2001-1246", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2001-06-30T04:00:00.000", "references": [{"url": "http://online.securityfocus.com/archive/1/194425", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.iss.net/security_center/static/6787.php", "tags": ["Broken Link", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.php.net/do_download.php?download_file=php-4.1.2.tar.gz", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2002-102.html", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2002-129.html", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2003-159.html", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/2954", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-88"}]}], "descriptions": [{"lang": "en", "value": "PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters."}], "lastModified": "2024-02-14T15:17:03.503", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF5EFBC9-2F17-44CD-8298-3D0BA0B48F4C", "versionEndIncluding": "4.1.0", "versionStartIncluding": "4.0.5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}