Main Vulnerability Database Exploits ID:11539 - Exploit for Input validation error in PHP - CVE-2006-1014

ID:11539 - Exploit for Input validation error in PHP - CVE-2006-1014

Published: June 10, 2025

Vulnerability identifier: #VU110491

Vulnerability risk: Low

CVE-ID: CVE-2006-1014

CWE-ID: CWE-20

Exploitation vector: Local access

Vulnerable software:
PHP

Link to public exploit:

https://www.exploit-db.com/exploits/27335/

Vulnerability description

The vulnerability allows a local user to read and manipulate data.

Argument injection vulnerability in certain PHP 4.x and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mb_send_mail function, allows context-dependent attackers to read and create arbitrary files by providing extra -C and -X arguments to sendmail. NOTE: it could be argued that this is a class of technology-specific vulnerability, instead of a particular instance; if so, then this should not be included in CVE. This vulnerability affects all versions of PHP from 4.0.x through 5.1.x

Remediation

Install update from vendor's website.

ID:11539 - Exploit for Input validation error in PHP - CVE-2006-1014

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human