GHSA-h22q-g2c7-2jwj

Published: 01 May 2022
Source: github
Github: Reviewed

Description

Joomla! vulnerable to CRLF injection

CRLF injection vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to inject arbitrary HTTP headers and probably conduct HTTP response splitting attacks via CRLF sequences in the url parameter. NOTE: this can be leveraged for cross-site scripting (XSS) attacks. NOTE: some of these details are obtained from third party information.

Packages

Name: joomla/application (composer)
Affected versions: < 1.0.13
Fixed version: 1.0.13

EPSS

Percentile: 3%
0.00016
Low

Weaknesses

CWE-93

Related vulnerabilities

nvd
more than 18 years ago
