7.5

CVE-2002-0985

Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpPhp Version >= 4.0 <= 4.2.2
OpenpkgOpenpkg Version1.1
OpenpkgOpenpkg Version1.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.95% 0.854
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.

http://www.redhat.com/support/errata/RHSA-2003-159.html
Broken Link
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-008.0.txt
Broken Link
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000545
Broken Link
http://marc.info/?l=bugtraq&m=103011916928204&w=2
Third Party Advisory
http://marc.info/?l=bugtraq&m=105760591228031&w=2
Third Party Advisory
http://www.debian.org/security/2002/dsa-168
Patch
Vendor Advisory
Broken Link
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:082
Broken Link
http://www.novell.com/linux/security/advisories/2002_036_modphp4.html
Broken Link
http://www.osvdb.org/2111
Broken Link
http://www.redhat.com/support/errata/RHSA-2002-213.html
Patch
Vendor Advisory
Broken Link
http://www.redhat.com/support/errata/RHSA-2002-214.html
Broken Link
http://www.redhat.com/support/errata/RHSA-2002-243.html
Broken Link
http://www.redhat.com/support/errata/RHSA-2002-244.html
Broken Link
http://www.redhat.com/support/errata/RHSA-2002-248.html
Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/9966
Third Party Advisory
VDB Entry