CVSS: 7.5EPSS: 6%CPEs: 1EXPL: 1CVE-2001-1246 – PHP 4.x - SafeMode Arbitrary File Execution
https://notcve.org/view.php?id=CVE-2001-1246
PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters. • https://www.exploit-db.com/exploits/20985 http://online.securityfocus.com/archive/1/194425 http://www.iss.net/security_center/static/6787.php http://www.php.net/do_download.php?download_file=php-4.1.2.tar.gz http://www.redhat.com/support/errata/RHSA-2002-102.html http://www.redhat.com/support/errata/RHSA-2002-129.html http://www.redhat.com/support/errata/RHSA-2003-159.html http://www.securityfocus.com/bid/2954 https://access.redhat.com/security/cve/CVE-2001&# • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •