Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2009-4023

Disclosure Date: November 29, 2009
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Argument injection vulnerability in the sendmail implementation of the Mail::Send method (Mail/sendmail.php) in the Mail package 1.1.14 for PEAR allows remote attackers to read and write arbitrary files via a crafted $from parameter, a different vector than CVE-2009-4111.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

Technical Analysis