Lucene search
GitHub Advisory DatabaseGHSA-H22Q-G2C7-2JWJHistoryMay 01, 2022 - 6:21 p.m.
Joomla! vulnerable to CRLF injection
2022-05-0118:21:10
CWE-93
GitHub Advisory Database
github.com
10
joomla
crlf injection
vulnerability
http headers
xss
sunglow
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
0.003
Percentile
69.0%
CRLF injection vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to inject arbitrary HTTP headers and probably conduct HTTP response splitting attacks via CRLF sequences in the url parameter. NOTE: this can be leveraged for cross-site scripting (XSS) attacks. NOTE: some of these details are obtained from third party information.
Affected configurations
Node
joomlaapplicationRange<1.0.13
| Vendor | Product | Version | CPE |
|---|---|---|---|
| joomla | application | * | cpe:2.3:a:joomla:application:*:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2007-4190
2007-08-08 01:11:00
nvd
nvd
CVE-2007-4190
2007-08-08 01:17:00
prion
prion
Crlf injection
2007-08-08 01:17:00
osv
osv
Joomla! vulnerable to CRLF injection
2022-05-01 18:21:10
cve
cve
CVE-2007-4190
2007-08-08 01:17:00
freebsd
freebsd
joomla -- multiple vulnerabilities
2007-07-30 00:00:00
openvas
openvas
FreeBSD Ports: joomla
2008-09-04 00:00:00
FreeBSD Ports: joomla
2008-09-04 00:00:00
nessus
nessus
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
0.003
Percentile
69.0%
Related for GHSA-H22Q-G2C7-2JWJ