← CVECheck
HomeVulnerabilities

CVE-2002-0985 — HIGH severity vulnerability (Argument injection vulnerability in the mail function for PH)

Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands.

CVE IDCVE-2002-0985
SeverityHIGH
CVSS score7.5
CVSS vectorAV:N/AC:L/Au:N/C:P/I:P/A:P
CWECWE-88
StatusModified
Published2002-09-24
Last modified2026-04-16
DescriptionArgument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands.
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →