CVE-2002-0985

PHP 4.0-4.2.2 - Argument Injection via mail() Function

Description

Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands.

References (15)

Core References
Broken Link vdb-entry x_refsource_osvdb
http://www.osvdb.org/2111
Third Party Advisory mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=105760591228031&w=2
Broken Link, Patch, Vendor Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2002/dsa-168
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/9966
Third Party Advisory mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=103011916928204&w=2
Broken Link vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2002-243.html
Broken Link vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2003-159.html
Broken Link vendor-advisory x_refsource_mandrake
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:082
Broken Link vendor-advisory x_refsource_caldera
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-008.0.txt
Broken Link vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2002_036_modphp4.html
Broken Link vendor-advisory x_refsource_conectiva
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000545
Broken Link, Patch, Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2002-213.html
Broken Link vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2002-248.html
Broken Link vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2002-244.html
Broken Link vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2002-214.html

Scores

EPSS 0.0123
EPSS Percentile 79.4%

Details

CWE
CWE-88
Status published
Products (3)
openpkg/openpkg 1.1
openpkg/openpkg 1.2
php/php 4.0 - 4.2.2
Published Sep 24, 2002
Tracked Since Feb 18, 2026