Arbitrary Command Execution Vulnerability in PHP 4.0.5 - 4.1.0

Arbitrary Command Execution Vulnerability in PHP 4.0.5 - 4.1.0

CVE-2001-1246 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.

Learn more about our User Device Pen Test.