Описание
CRLF injection vulnerability in phpMyVisites before 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the url parameter, when the pagename parameter begins with "FILE:".
Ссылки
- Third Party Advisory
- Broken Link
- Third Party Advisory
- Broken Link
Уязвимые конфигурации
Конфигурация 1Версия до 2.1 (включая)
Одно из
cpe:2.3:a:matthieu_aubry:phpmyvisites:*:*:*:*:*:*:*:*
cpe:2.3:a:matthieu_aubry:phpmyvisites:0.1_beta:*:*:*:*:*:*:*
cpe:2.3:a:matthieu_aubry:phpmyvisites:1.0:*:*:*:*:*:*:*
cpe:2.3:a:matthieu_aubry:phpmyvisites:1.1:*:*:*:*:*:*:*
cpe:2.3:a:matthieu_aubry:phpmyvisites:1.2:*:*:*:*:*:*:*
cpe:2.3:a:matthieu_aubry:phpmyvisites:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:matthieu_aubry:phpmyvisites:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:matthieu_aubry:phpmyvisites:1.2_beta:*:*:*:*:*:*:*
cpe:2.3:a:matthieu_aubry:phpmyvisites:1.3:*:*:*:*:*:*:*
EPSS
Процентиль: 69%
0.00619
Низкий
7.5 High
CVSS2
Дефекты
CWE-93
Связанные уязвимости
github
больше 3 лет назад
CRLF injection vulnerability in phpMyVisites before 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the url parameter, when the pagename parameter begins with "FILE:".
EPSS
Процентиль: 69%
0.00619
Низкий
7.5 High
CVSS2
Дефекты
CWE-93