CVE-2006-1014 | Date: (C)2006-03-06 (M)2023-12-22 |
Argument injection vulnerability in certain PHP 4.x and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mb_send_mail function, allows context-dependent attackers to read and create arbitrary files by providing extra -C and -X arguments to sendmail. NOTE: it could be argued that this is a class of technology-specific vulnerability, instead of a particular instance; if so, then this should not be included in CVE.
CVSS Score and Metrics +CVSS Score and Metrics -CVSS V2 Severity: |
CVSS Score : 3.2 |
Exploit Score: 3.1 |
Impact Score: 4.9 |
|
CVSS V2 Metrics: |
Access Vector: LOCAL |
Access Complexity: LOW |
Authentication: SINGLE |
Confidentiality: PARTIAL |
Integrity: PARTIAL |
Availability: NONE |
| |