CVE-2001-1246
PHP <4.2 - Command Injection
PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.
Exploits (1)
exploitdb · WORKING POC · VERIFIED
by Wojciech Purczynski · phplocalphp
https://www.exploit-db.com/exploits/20985
References (7)
Scores
EPSS: 0.0541
EPSS Percentile: 90.2%
Details
CWE: CWE-88
Status: published
Products (1)
php/php: 4.0.5 - 4.1.0
Published: Jun 30, 2001
Tracked Since: Feb 18, 2026