PHP 4.x/5.0/5.1 with Sendmail Mail Function - 'additional_param' Arbitrary File Creation
| EKU-ID: 32626 | CVE: CVE-2006-1015;OSVDB-25270 | OSVDB-ID: |
| Author: ced.clerget@free.fr | Published: 2006-02-28 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 32626 | CVE: CVE-2006-1015;OSVDB-25270 | OSVDB-ID: |
| Author: ced.clerget@free.fr | Published: 2006-02-28 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/16878/info PHP is prone to multiple input-validation vulnerabilities that could allow 'safe_mode' and 'open_basedir' security settings to be bypassed. These issues reside in the 'mb_send_mail()' function, the 'mail()' function, and various PHP IMAP functions. $additional_param = "-C ".$file_to_read." -X ".getcwd()."/".$output_file;