DescriptionArgument injection vulnerability in certain PHP 4.x and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mb_send_mail function, allows context-dependent attackers to read and create arbitrary files by providing extra -C and -X arguments to sendmail. NOTE: it could be argued that this is a class of technology-specific vulnerability, instead of a particular instance; if so, then this should not be included in CVE.
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
|National Vulnerability Database|
SUSE Security Advisories:
- SUSE-SA:2006:024, published Fri, 05 May 2006 16:00:00 +0000
SUSE Timeline for this CVECVE page created: Fri Jun 28 01:49:09 2013
CVE page last modified: Fri Oct 7 12:45:32 2022