CVE-2006-1015 - Security Bypass vulnerability in PHP
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | NONE |
Summary
Argument injection vulnerability in certain PHP 3.x, 4.x, and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mail function, allows remote attackers to read and create arbitrary files via the sendmail -C and -X arguments. NOTE: it could be argued that this is a class of technology-specific vulnerability, instead of a particular instance; if so, then this should not be included in CVE.
Vulnerable Configurations
Exploit-Db
description | PHP 4.x/5.0/5.1 w/ Sendmail Mail Function additional_parameters Argument Arbitrary File Creation. CVE-2006-1015. Local exploit for php platform |
id | EDB-ID:27334 |
last seen | 2016-02-03 |
modified | 2006-02-28 |
published | 2006-02-28 |
reporter | [email protected] |
source | https://www.exploit-db.com/download/27334/ |
title | PHP 4.x/5.0/5.1 with Sendmail Mail Function additional_parameters - Argument Arbitrary File Creation |
Nessus
NASL family | CGI abuses |
NASL id | PHP_5_2_0.NASL |
description | According to its banner, the version of PHP 5.x installed on the remote host is older than 5.2. Such versions may be affected by several buffer overflows. To exploit these issues, an attacker would need the ability to upload an arbitrary PHP script on the remote server or to manipulate several variables processed by some PHP functions such as |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 31649 |
published | 2008-03-25 |
reporter | This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/31649 |
title | PHP 5.x < 5.2 Multiple Vulnerabilities |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_SA_2006_024.NASL |
description | The remote host is missing the patch for the advisory SUSE-SA:2006:024 (php4,php5). This update fixes the following security issues in the scripting languages PHP4 and PHP5: - copy() and tempnam() functions could bypass open_basedir restrictions (CVE-2006-1494) - Cross-Site-Scripting (XSS) bug in phpinfo() (CVE-2006-0996) - mb_send_mail() lacked safe_mode checks (CVE-2006-1014, CVE-2006-1015) - html_entity_decode() could expose memory content (CVE-2006-1490) |
last seen | 2019-10-28 |
modified | 2006-05-13 |
plugin id | 21369 |
published | 2006-05-13 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/21369 |
title | SUSE-SA:2006:024: php4,php5 |
Statements
contributor | Mark J Cox |
lastmodified | 2006-08-30 |
organization | Red Hat |
statement | We do not consider these to be security issues: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 |