CVE-2002-0985 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2002-0985 Interim 1 1 2025-03-28T00:57:32Z current 2025-03-28T00:57:32Z 2025-03-28T00:57:32Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2002-0985 Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RADS3S35S2INYFUTDM3RE5MA3Y4ZK54Q/#RADS3S35S2INYFUTDM3RE5MA3Y4ZK54Q E-Mail link for SuSE-SA:2002:036 https://www.suse.com/support/security/rating/ SUSE Security Ratings Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands. CVE-2002-0985 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P