← CVECheck
HomeVulnerabilities

CVE-2002-0986 — MEDIUM severity vulnerability (The mail function in PHP 4.x to 4.2.2 does not filter ASCII)

The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."

CVE IDCVE-2002-0986
SeverityMEDIUM
CVSS score5.0
CVSS vectorAV:N/AC:L/Au:N/C:N/I:P/A:N
CWENVD-CWE-Other
StatusModified
Published2002-09-24
Last modified2026-04-16
DescriptionThe mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →