Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2001-1246 | First vendor Publication | 2001-06-30 |
Vendor | Cve | Last vendor Modification | 2024-11-20 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1246 |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-6 | Argument Injection |
CAPEC-15 | Command Delimiters |
CAPEC-41 | Using Meta-characters in E-mail Headers to Inject Malicious Payloads |
CAPEC-43 | Exploiting Multiple Input Interpretation Layers |
CAPEC-88 | OS Command Injection |
CAPEC-108 | Command Line Execution through SQL Injection |
CAPEC-133 | Try All Common Application Switches and Options |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-88 | Argument Injection or Modification |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
579 | PHP Safe Mode mail() Function 5th Parameter Arbitrary Command Execution |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2004-07-31 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2002-059.nasl - Type : ACT_GATHER_INFO |
2004-07-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2002-129.nasl - Type : ACT_GATHER_INFO |
2001-07-02 | Name : Arbitrary commands may be run on the remote server. File : php_safe_mode.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2024-11-28 23:24:24 |
|
2024-11-28 12:04:47 |
|
2024-08-02 12:02:01 |
|
2024-08-02 01:01:17 |
|
2024-02-14 21:28:30 |
|
2024-02-02 01:01:49 |
|
2024-02-01 12:01:18 |
|
2023-09-05 12:01:45 |
|
2023-09-05 01:01:09 |
|
2023-09-02 12:01:46 |
|
2023-09-02 01:01:10 |
|
2023-08-12 12:02:07 |
|
2023-08-12 01:01:10 |
|
2023-08-11 12:01:50 |
|
2023-08-11 01:01:11 |
|
2023-08-06 12:01:41 |
|
2023-08-06 01:01:11 |
|
2023-08-04 12:01:45 |
|
2023-08-04 01:01:10 |
|
2023-07-14 12:01:43 |
|
2023-07-14 01:01:11 |
|
2023-03-29 01:01:42 |
|
2023-03-28 12:01:16 |
|
2022-10-11 12:01:32 |
|
2022-10-11 01:01:03 |
|
2021-05-04 12:01:31 |
|
2021-04-22 01:01:40 |
|
2020-05-23 00:14:48 |
|
2019-06-08 12:01:05 |
|
2014-02-17 10:24:12 |
|
2013-05-11 12:06:40 |
|