QwikSec

Security Database

CVE

CWE

Training

CVE-2009-4023

Published: Nov 28, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

Argument injection vulnerability in the sendmail implementation of the Mail::Send method (Mail/sendmail.php) in the Mail package 1.1.14 for PEAR allows remote attackers to read and write arbitrary files via a crafted $from parameter, a different vector than CVE-2009-4111.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

SUSE-SR:2010:020

vendor-advisory

x_refsource_SUSE

third-party-advisory

x_refsource_SECUNIA

[oss-security] 20091123 CVE request: Argument injections in multiple PEAR packages

mailing-list

x_refsource_MLIST

vdb-entry

x_refsource_VUPEN

https://bugs.gentoo.org/show_bug.cgi?id=294256

x_refsource_CONFIRM

http://pear.php.net/bugs/bug.php?id=16200&edit=12&patch=quick-fix&revision=1241757412

x_refsource_CONFIRM

pear-from-security-bypass(54362)

vdb-entry

x_refsource_XF

vendor-advisory

x_refsource_DEBIAN

third-party-advisory

x_refsource_SECUNIA

http://svn.php.net/viewvc/pear/packages/Mail/trunk/Mail/sendmail.php?r1=243717&r2=280134

x_refsource_CONFIRM

http://pear.php.net/bugs/bug.php?id=16200

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.