← CVECheck
HomeVulnerabilities

CVE-2001-1246 — HIGH severity vulnerability (PHP 4.0.5 through 4.1.0 in safe mode does not properly clean)

PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.

CVE IDCVE-2001-1246
SeverityHIGH
CVSS score7.5
CVSS vectorAV:N/AC:L/Au:N/C:P/I:P/A:P
CWECWE-88
StatusModified
Published2001-06-30
Last modified2026-04-16
DescriptionPHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →