PHP 4.x/5.0/5.1 - 'mb_send_mail()' Restriction Bypass

Author: ced.clerget@free.fr
type: local
platform: php
port: 
date_added: 2006-02-28 
date_updated: 2013-08-04 
verified: 1 
codes: CVE-2006-1014;OSVDB-23534 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/16878/info

PHP is prone to multiple input-validation vulnerabilities that could allow 'safe_mode' and 'open_basedir' security settings to be bypassed. These issues reside in the 'mb_send_mail()' function, the 'mail()' function, and various PHP IMAP functions.

mb_send_mail($email_address, NULL, NULL, NULL, $additional_param);