CVE-2007-3686

Опубликовано: 11 июл. 2007

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

CRLF injection vulnerability in db.php in Unobtrusive Ajax Star Rating Bar before 1.2.0 allows remote attackers to inject arbitrary HTTP headers and data via CRLF sequences in the HTTP_REFERER parameter.

Ссылки

http://secunia.com/advisories/25985
Vendor Advisory
http://www.cirt.net/advisories/unobtrusive_ajax_star_rating.shtml
Patch
Vendor Advisory
http://www.osvdb.org/35936
http://www.securityfocus.com/bid/24840
https://exchange.xforce.ibmcloud.com/vulnerabilities/35329
http://secunia.com/advisories/25985
Vendor Advisory
http://www.cirt.net/advisories/unobtrusive_ajax_star_rating.shtml
Patch
Vendor Advisory
http://www.osvdb.org/35936
http://www.securityfocus.com/bid/24840
https://exchange.xforce.ibmcloud.com/vulnerabilities/35329

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:masuga_design:unobtrusive_ajax_star_rating_bar:*:*:*:*:*:*:*:*

Версия до 1.1.9 (включая)

EPSS

Процентиль: 72%

0.00721

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-wjh6-q6cx-7rch

github

почти 4 года назад