CVE-2001-1246

N/A Unknown

Published: June 30, 2001 Modified: April 16, 2026

Description

PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://online.securityfocus.com/archive/1/194425

Source: cve@mitre.org

Broken Link Third Party Advisory VDB Entry

http://www.iss.net/security_center/static/6787.php

Source: cve@mitre.org

Broken Link Patch Vendor Advisory

http://www.php.net/do_download.php?download_file=php-4.1.2.tar.gz

Source: cve@mitre.org

Broken Link

http://www.redhat.com/support/errata/RHSA-2002-102.html

Source: cve@mitre.org

Broken Link

http://www.redhat.com/support/errata/RHSA-2002-129.html

Source: cve@mitre.org

Broken Link

http://www.redhat.com/support/errata/RHSA-2003-159.html

Source: cve@mitre.org

Broken Link

http://www.securityfocus.com/bid/2954

Source: cve@mitre.org

Broken Link Third Party Advisory VDB Entry

http://online.securityfocus.com/archive/1/194425