CVE-2009-4023

Name of the Vulnerable Software and Affected Versions Mail package version 1.1.14 for PEAR

Description The issue allows remote attackers to read and write arbitrary files via a crafted from parameter in the Mail::Send method. This is a result of an argument injection vulnerability in the sendmail implementation.

Recommendations For Mail package version 1.1.14, avoid using the from parameter in the affected Mail::Send method until the issue is resolved. Consider restricting access to the Mail/sendmail.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.