Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
PHP Improper Neutralization of Argument Delimiters in a Command (Argument Injection) Vulnerability - CVE-2001-1246 - Vulnerability Database
PHP

PHP Improper Neutralization of Argument Delimiters in a Command (Argument Injection) Vulnerability - CVE-2001-1246

High
Reference: CVE-2001-1246
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2001-1246
Title: PHP Improper Neutralization of Argument Delimiters in a Command (Argument Injection) Vulnerability
Overview:

PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.