VYPR
Unrated severityNVD Advisory· Published Jun 30, 2001· Updated Jun 16, 2026

CVE-2001-1246

CVE-2001-1246

Description

PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • PHP/PHP2 versions
    cpe:2.3:a:php:php:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:php:php:*:*:*:*:*:*:*:*range: >=4.0.5,<=4.1.0
    • (no CPE)range: >=4.0.5, <=4.1.0

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.