CVE-2006-1014
CVE-2006-1014
Argument injection vulnerability in certain PHP 4.x and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mb_send_mail function, allows context-dependent attackers to read and create arbitrary files by providing extra -C and -X arguments to sendmail. NOTE: it could be argued that this is a class of technology-specific vulnerability, instead of a particular instance; if so, then this should not be included in CVE.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/27335unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://secunia.com/advisories/18694http://secunia.com/advisories/19979http://www.novell.com/linux/security/advisories/05-05-2006.htmlhttp://www.osvdb.org/23534http://www.securityfocus.com/archive/1/426342/100/0/threadedhttp://www.securityfocus.com/bid/16878http://www.vupen.com/english/advisories/2006/0772