Description

Argument injection vulnerability in certain PHP 4.x and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mb_send_mail function, allows context-dependent attackers to read and create arbitrary files by providing extra -C and -X arguments to sendmail. NOTE: it could be argued that this is a class of technology-specific vulnerability, instead of a particular instance; if so, then this should not be included in CVE.

Remediation

References

CVE-2006-1014

Related Vulnerabilities

WordPress Plugin WP Mobile Detector Unspecified Vulnerability (2.1)

WordPress Plugin Chamber Dashboard Business Directory Cross-Site Scripting (3.2.8)

WordPress Plugin Sidebar Adder 2 Cross-Site Scripting (2.0.0)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5479)

WordPress Possible SQL Injection Vulnerability (0.70 - 3.6.1)

Severity

Low

Classification

CVE-2006-1014

Tags

Missing Update Known Vulnerabilities