Rapid7 Vulnerability & Exploit Database

PHP Mail Header Spoofing Vulnerability

Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published: 09/24/2002
Created: 07/25/2018
Added: 11/01/2004
Modified: 05/27/2016

Description

Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands.
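
For code review on an affected host, the following added example (not part of the Rapid7 entry or of PHP itself) audits PHP source for calls to mail() whose 5th argument is not a constant string, since that argument is what reaches the MTA command line. The names split_args and audit and the sample source are constructed for illustration.

```python
import re
# Built-in mail() only: the lookbehind skips send_mail(, $obj->mail( and Cls::mail(.
MAIL_CALL = re.compile(r"(?<![\w>:$])mail\s*\(", re.IGNORECASE)
# A single-quoted literal, or a double-quoted literal with no $ interpolation.
LITERAL = re.compile(r"'(?:[^'\\]|\\.)*'" r'|"(?:[^"\\$]|\\.)*"', re.S)

def split_args(src, start):
    """Split the argument list starting just past '(' on top-level commas."""
    args, cur, depth, quote, i = [], [], 0, None, start
    while i < len(src):
        ch = src[i]
        cur.append(ch)
        if quote:
            if ch == "\\" and i + 1 < len(src):
                i += 1
                cur.append(src[i])  # keep the escaped character verbatim
            elif ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
        elif ch in "([{":
            depth += 1
        elif ch in ")]}" and depth > 0:
            depth -= 1
        elif ch == ")" or (ch == "," and depth == 0):
            args.append("".join(cur[:-1]).strip())
            if ch == ")":
                return args
            cur = []
        i += 1
    return None  # unterminated call

def audit(src):
    """Return (line, fifth_argument) for mail() calls whose 5th argument is not constant."""
    findings = []
    for m in MAIL_CALL.finditer(src):
        args = split_args(src, m.end())
        if args and len(args) >= 5 and not LITERAL.fullmatch(args[4]):
            findings.append((src.count("\n", 0, m.start()) + 1, args[4]))
    return findings

# Constructed sample PHP source, not taken from any real application.
SAMPLE = '''<?php
mail($to, $subject, $body);
mail($to, $subject, $body, $headers, '-fnoreply@example.org');
mail($to, $subject, $body, $headers, "-f" . $_POST['from']);
mail($to, implode(", ", $parts), $body, $headers, "-f$sender");
send_mail($a, $b, $c, $d, $e);
'''
```

Each finding is a call site to review by hand; the scan is textual and does not trace where a variable's value comes from.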

Solution(s)

  • php-upgrade-4_2_3
