php-mail: arbitrary file disclosure
| Package(s): | php-mail | CVE #(s): | |||||
| Created: | November 23, 2009 | Updated: | November 24, 2009 | ||||
| Description: | From the VUPEN advisory: A vulnerability has been identified in Debian, which could be exploited by attackers to bypass security restrictions and gain knowledge of sensitive information. This issue is caused by an error in php-mail. The advisory refers to another related advisory, which has more information: A vulnerability has been identified in PEAR Mail, which could be exploited by attackers to bypass security restrictions and gain knowledge of sensitive information. This issue is caused by an input validation error in the "Mail/sendmail.php" script when passing the "form" parameter as an argument to sendmail, which could be exploited by attackers to inject arbitrary arguments and e.g. disclose or copy the contents of arbitrary files. | ||||||
| Alerts: |
| ||||||