PT-2006-2054 · Php · Php

Published: 2006-03-06 · Updated: 2024-06-15 · CVE-2006-1017

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

PHP versions 4.x before 4.4.4
PHP versions 5.x before 5.1.5

Description

The issue is related to the misuse of the imap_open() function in PHP, which can allow remote attackers to obtain access to an IMAP stream data structure and conduct unauthorized IMAP actions when user-controlled input is accepted for the mailbox argument. This can lead to a loss of confidentiality or integrity, as a malicious local user may be able to view arbitrary files and create or modify existing files with the same level of privilege as the web server.

Recommendations

For PHP versions 4.x before 4.4.4, update to version 4.4.4 or later to resolve the issue. For PHP versions 5.x before 5.1.5, update to version 5.1.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the imap_open() function to minimize the risk of exploitation.
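
The description names user-controlled input in the mailbox argument as the precondition. The following is an added example, not code from this advisory or from the PHP project, of one way an application can keep request data out of that argument. The helper name `build_mailbox`, the constant `IMAP_SERVER`, the host and the folder grammar are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// Assumption: the server part is fixed in application config (placeholder host).
const IMAP_SERVER = '{imap.example.test:993/imap/ssl}';

/**
 * Hypothetical helper: turn a user-chosen folder name into the mailbox
 * argument for imap_open(). The request never supplies the "{server}" part,
 * and the folder must match a narrow grammar, so local file paths and
 * alternate server specifications never reach imap_open().
 */
function build_mailbox(string $folder): string
{
    // Letters, digits, space, underscore, hyphen; "." as hierarchy delimiter.
    // The first character must be alphanumeric, which excludes "/", "~", "#", "{".
    if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9 _.\-]{0,63}\z/', $folder)) {
        throw new InvalidArgumentException('folder name rejected');
    }
    // Empty hierarchy levels ("a..b") and a trailing delimiter are refused.
    if (strpos($folder, '..') !== false || substr($folder, -1) === '.') {
        throw new InvalidArgumentException('folder name rejected');
    }
    return IMAP_SERVER . $folder;
}

// Constructed sample inputs: two ordinary folders, then shapes that must fail.
$samples = ['INBOX', 'Archive.2024', '/etc/passwd',
            '{other.example.test}INBOX', "INBOX\r\nX", 'Archive..2024'];

foreach ($samples as $input) {
    try {
        $mailbox = build_mailbox($input);
        printf("accept %s\n", $mailbox);
        // Call site (requires the imap extension; credentials come from config):
        // $stream = imap_open($mailbox, $user, $password);
    } catch (InvalidArgumentException $e) {
        printf("reject %s\n", json_encode($input));
    }
}
```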

Fix


Related Identifiers

CVE-2006-1017
OPENSUSE-SU-2024:11167-1
OPENSUSE-SU-2024:11169-1

Affected Products

Php