ID:11543 - Exploit for Improper Neutralization of Argument Delimiters in a Command in PHP - CVE-2001-1246

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Exploits ID:11543 - Exploit for Improper Neutralization of Argument Delimiters in a Command in PHP - CVE-2001-1246

ID:11543 - Exploit for Improper Neutralization of Argument Delimiters in a Command in PHP - CVE-2001-1246

Published: June 10, 2025


Vulnerability identifier: #VU110548
Vulnerability risk: Medium
CVE-ID: CVE-2001-1246
CWE-ID: CWE-88
Exploitation vector: Remote access
Vulnerable software:
PHP

Link to public exploit:


Vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.


Remediation

Install update from vendor's website.