CVE-2009-4023: CVE-2009-4023

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2009-4023

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Argument injection vulnerability in the sendmail implementation of the Mail::Send method (Mail/sendmail.php) in the Mail package 1.1.14 for PEAR allows remote attackers to read and write arbitrary files via a crafted $from parameter, a different vector than CVE-2009-4111.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

PEAR Mail软件包Sendmail Mail::Send()方式参数注入漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

PEAR（全称PHP Extension and Application Repository）是PHP Group负责维护的一个PHP扩展及应用的代码仓库。 PEAR的Mail软件包中sendmail实现没有正确地过滤对Mail::Send()方式所提交的from参数，远程攻击者可以向sendmail命令传送任意参数，绕过安全限制获取任意文件的内容。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2009-4023

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2009-4023

Please Login to view more intelligence information

http://svn.php.net/viewvc/pear/packages/Mail/trunk/Mail/sendmail.php?r1=243717&r2=280134x_refsource_CONFIRM
http://pear.php.net/bugs/bug.php?id=16200&edit=12&patch=quick-fix&revision=1241757412x_refsource_CONFIRM
https://bugs.gentoo.org/show_bug.cgi?id=294256x_refsource_CONFIRM
http://secunia.com/advisories/37410third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/37458third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/37081vdb-entryx_refsource_BID
http://www.vupen.com/english/advisories/2009/3300vdb-entryx_refsource_VUPEN
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.htmlvendor-advisoryx_refsource_SUSE
https://exchange.xforce.ibmcloud.com/vulnerabilities/54362vdb-entryx_refsource_XF
http://www.openwall.com/lists/oss-security/2009/11/23/8mailing-listx_refsource_MLIST
https://nvd.nist.gov/vuln/detail/CVE-2009-4023

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2009-4023

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2009-4023

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2009-4023

III. Intelligence Information for CVE-2009-4023

IV. Related Vulnerabilities

V. Comments for CVE-2009-4023

Leave a comment