FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

php-imap -- imap_open allows to run arbitrary shell commands via mailbox parameter

Affected packages
		php56-imap	<	5.6.38_1
		php70-imap	<	*
		php71-imap	<	*
		php72-imap	<	*
		php73-imap	<	*

Details

VuXML ID	ec49f6b5-ee39-11e8-b2f4-74d435b63d51
Discovery	2018-10-23
Entry	2018-11-22
Modified	2018-11-22

The PHP team reports:

imap_open allows to run arbitrary shell commands via mailbox parameter.

[source]

References

URL	https://bugs.php.net/bug.php?id=77153

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.