header-logo
Suggest Exploit
vendor:
PHP
by:
SecurityFocus
7.5
CVSS
HIGH
Multiple Input Validation Vulnerabilities
20
CWE
Product Name: PHP
Affected Version From: PHP 4.3.10
Affected Version To: PHP 5.1.2
Patch Exists: YES
Related CWE: CVE-2005-3390
CPE: a:php:php
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2005

PHP Multiple Input Validation Vulnerabilities

PHP is prone to multiple input-validation vulnerabilities that could allow 'safe_mode' and 'open_basedir' security settings to be bypassed. These issues reside in the 'mb_send_mail()' function, the 'mail()' function, and various PHP IMAP functions. An attacker can exploit these issues to bypass security restrictions and execute arbitrary code with the privileges of the user running the affected application.

Mitigation:

No known mitigation
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/16878/info
 
PHP is prone to multiple input-validation vulnerabilities that could allow 'safe_mode' and 'open_basedir' security settings to be bypassed. These issues reside in the 'mb_send_mail()' function, the 'mail()' function, and various PHP IMAP functions.

mb_send_mail($email_address, NULL, NULL, NULL, $additional_param);