July 19, 2001

PHP mail function vulnerability

Author: JT Smith

Net-Security: "php mail() function does not do check for escape shell commandes,
even if php is running in safe_mode.

So it may be possible to bypass the safe_mode restriction and
gain shell access."

Category:

  • Linux
Click Here!