Search for vulnerabilities
Vulnerability details: VCID-r2n9-61ak-aaan
Vulnerability ID VCID-r2n9-61ak-aaan
Aliases CVE-2009-4111
Summary Argument injection vulnerability in Mail/sendmail.php in the Mail package 1.1.14, 1.2.0b2, and possibly other versions for PEAR allows remote attackers to read and write arbitrary files via a crafted $recipients parameter, and possibly other parameters, a different vulnerability than CVE-2009-4023.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-94 Improper Control of Generation of Code ('Code Injection')
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2009/CVE-2009-4111.html
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.00707 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.01995 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.03161 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.03161 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.03161 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.03161 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.03161 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.03161 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.03161 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.03161 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.03161 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.03161 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.03161 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.03327 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.03327 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.03327 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
epss 0.03327 https://api.first.org/data/v1/epss?cve=CVE-2009-4111
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=540842
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4111
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2009-4111
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html
http://pear.php.net/bugs/bug.php?id=16200
http://people.canonical.com/~ubuntu-security/cve/2009/CVE-2009-4111.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4111.json
https://api.first.org/data/v1/epss?cve=CVE-2009-4111
https://bugs.gentoo.org/show_bug.cgi?id=294256
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4111
http://secunia.com/advisories/37458
http://www.debian.org/security/2009/dsa-1938
http://www.openwall.com/lists/oss-security/2009/11/23/8
http://www.openwall.com/lists/oss-security/2009/11/28/2
http://www.securityfocus.com/bid/37395
540842 https://bugzilla.redhat.com/show_bug.cgi?id=540842
557121 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=557121
cpe:2.3:a:pear:mail:1.1.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pear:mail:1.1.14:*:*:*:*:*:*:*
cpe:2.3:a:pear:mail:1.2.0b2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pear:mail:1.2.0b2:*:*:*:*:*:*:*
CVE-2009-4111 https://nvd.nist.gov/vuln/detail/CVE-2009-4111
GLSA-201412-09 https://security.gentoo.org/glsa/201412-09
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2009-4111
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.69873
EPSS Score 0.00707
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.