CVE: CVE-2002-0985

Export to Word

Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.01459
Percentile: 0.79972

CVSS Scoring

CVSS v2 Score: 7.5

Severity:

Mapped CWE(s)

CWE-88 : Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

All CAPEC(s)

CAPEC-137: Parameter Injection
CAPEC-174: Flash Parameter Injection
CAPEC-41: Using Meta-characters in E-mail Headers to Inject Malicious Payloads
CAPEC-460: HTTP Parameter Pollution (HPP)
CAPEC-88: OS Command Injection

CAPEC(s) with Mapped TTPs

Mapped ATT&CK TTPs

Affected Products

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:openpkg:openpkg:1.1:*:*:*:*:*:*:*
cpe:2.3:a:openpkg:openpkg:1.2:*:*:*:*:*:*:*

← Back to Home