PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the error_log function to access the files.
Max CVSS
6.4
EPSS Score
0.33%
Published
2001-12-06
Updated
2012-06-25
PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.
Max CVSS
7.5
EPSS Score
6.36%
Published
2001-06-30
Updated
2008-09-10
2 vulnerabilities found