CVE-2002-0985

NameCVE-2002-0985
DescriptionArgument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-168
NVD severityhigh (attack range: remote)

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
php3source(unstable)3:3.0.18-23.2high
php3sourcewoody3.0.18-23.1woody1highDSA-168
php4source(unstable)4:4.2.3-3high
php4sourcewoody4.1.2-5highDSA-168

Search for package or bug name: Reporting problems