CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
91.2%
Argument injection vulnerability in the sendmail implementation of the
Mail::Send method (Mail/sendmail.php) in the Mail package 1.1.14 for PEAR
allows remote attackers to read and write arbitrary files via a crafted
$from parameter, a different vector than CVE-2009-4111.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 6.06 | noarch | php-mail | <Β 1.1.6-2+etch1build0.6.06.1 | UNKNOWN |
ubuntu | 8.04 | noarch | php-mail | <Β 1.1.6-2+etch1build0.8.04.1 | UNKNOWN |
ubuntu | 8.10 | noarch | php-mail | <Β 1.1.14-1+lenny1build0.8.10.1 | UNKNOWN |
ubuntu | 9.04 | noarch | php-mail | <Β 1.1.14-1+lenny1build0.9.04.1 | UNKNOWN |
ubuntu | 9.10 | noarch | php-mail | <Β 1.1.14-1+lenny1build0.9.10.1 | UNKNOWN |