Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2001-1246

PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.

  • Published: Jun 30, 2001
  • Updated: Apr 13, 2023
  • CVE: CVE-2001-1246
  • Severity: High
  • Exploit:

CVSS v2:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

OWASP TOP 10:

Software From Fixed in
php / php 4.0.5 4.1.0.x