CVE-2006-1014

PHP - Argument Injection via mb_send_mail Additional Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1014. PoCs published by [email protected].

AI-analyzed exploit summary The code snippet describes a vulnerability in PHP's 'mb_send_mail()' and 'mail()' functions, as well as IMAP functions, which could bypass 'safe_mode' and 'open_basedir' restrictions. It provides a minimal example of the vulnerable function call but lacks executable exploit code.

Description

Argument injection vulnerability in certain PHP 4.x and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mb_send_mail function, allows context-dependent attackers to read and create arbitrary files by providing extra -C and -X arguments to sendmail. NOTE: it could be argued that this is a class of technology-specific vulnerability, instead of a particular instance; if so, then this should not be included in CVE.

Exploits (1)

exploitdb WRITEUP VERIFIED
by [email protected] · textlocalphp
https://www.exploit-db.com/exploits/27335

The code snippet describes a vulnerability in PHP's 'mb_send_mail()' and 'mail()' functions, as well as IMAP functions, which could bypass 'safe_mode' and 'open_basedir' restrictions. It provides a minimal example of the vulnerable function call but lacks executable exploit code.

Classification
Writeup 80%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Theoretical
Target: PHP (versions affected by CVE-2006-1014)
No auth needed
Prerequisites: PHP installation with 'safe_mode' or 'open_basedir' enabled
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0772
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/23534
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/16878
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/426342/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19979
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/05-05-2006.html
Exploit, Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18694

Scores

EPSS 0.0130
EPSS Percentile 67.2%

Details

Status published
Products (21)
php/php 4.0.0
php/php 4.2
php/php 4.3.3
php/php 4.3.4
php/php 4.3.5
php/php 4.3.6
php/php 4.3.7
php/php 4.3.8
php/php 4.3.9
php/php 4.3.10
... and 11 more
Published Mar 07, 2006
Tracked Since Feb 18, 2026