CVE-2002-0985
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
24/09/2002
Last modified:
13/02/2024
Description
Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* | 4.0 (including) | 4.2.2 (including) |
cpe:2.3:a:openpkg:openpkg:1.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:openpkg:openpkg:1.2:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-008.0.txt
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000545
- http://marc.info/?l=bugtraq&m=103011916928204&w=2
- http://marc.info/?l=bugtraq&m=105760591228031&w=2
- http://www.debian.org/security/2002/dsa-168
- http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003%3A082
- http://www.novell.com/linux/security/advisories/2002_036_modphp4.html
- http://www.osvdb.org/2111
- http://www.redhat.com/support/errata/RHSA-2002-213.html
- http://www.redhat.com/support/errata/RHSA-2002-214.html
- http://www.redhat.com/support/errata/RHSA-2002-243.html
- http://www.redhat.com/support/errata/RHSA-2002-244.html
- http://www.redhat.com/support/errata/RHSA-2002-248.html
- http://www.redhat.com/support/errata/RHSA-2003-159.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/9966