Back to search
CVE-2009-4111
Published: Nov 28, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
Argument injection vulnerability in Mail/sendmail.php in the Mail package 1.1.14, 1.2.0b2, and possibly other versions for PEAR allows remote attackers to read and write arbitrary files via a crafted $recipients parameter, and possibly other parameters, a different vulnerability than CVE-2009-4023.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
SUSE-SR:2010:020
vendor-advisory
x_refsource_SUSE
37458
third-party-advisory
x_refsource_SECUNIA
[oss-security] 20091123 CVE request: Argument injections in multiple PEAR packages
mailing-list
x_refsource_MLIST
http://pear.php.net/bugs/bug.php?id=16200
x_refsource_MISC
DSA-1938
vendor-advisory
x_refsource_DEBIAN
[oss-security] 20091128 Re: CVE request: Argument injections in multiple PEAR packages
mailing-list
x_refsource_MLIST
37395
vdb-entry
x_refsource_BID
https://bugs.gentoo.org/show_bug.cgi?id=294256
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now