7.5
CVE-2002-0985
- EPSS 2.95%
- Veröffentlicht 24.09.2002 04:00:00
- Zuletzt bearbeitet 16.06.2026 21:58:30
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.95% | 0.854 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.
http://www.redhat.com/support/errata/RHSA-2003-159.html
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-008.0.txt
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000545
http://marc.info/?l=bugtraq&m=103011916928204&w=2
http://marc.info/?l=bugtraq&m=105760591228031&w=2
http://www.debian.org/security/2002/dsa-168
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:082
http://www.novell.com/linux/security/advisories/2002_036_modphp4.html
http://www.osvdb.org/2111
http://www.redhat.com/support/errata/RHSA-2002-213.html
http://www.redhat.com/support/errata/RHSA-2002-214.html
http://www.redhat.com/support/errata/RHSA-2002-243.html
http://www.redhat.com/support/errata/RHSA-2002-244.html
http://www.redhat.com/support/errata/RHSA-2002-248.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/9966