CVE-2002-0985

NameCVE-2002-0985
DescriptionArgument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-168
NVD severityhigh

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
php3sourcewoody3.0.18-23.1woody1DSA-168
php3source(unstable)3:3.0.18-23.2
php4sourcewoody4.1.2-5DSA-168
php4source(unstable)4:4.2.3-3

Search for package or bug name: Reporting problems