CVE-2007-4190

medium

Description

CRLF injection vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to inject arbitrary HTTP headers and probably conduct HTTP response splitting attacks via CRLF sequences in the url parameter. NOTE: this can be leveraged for cross-site scripting (XSS) attacks. NOTE: some of these details are obtained from third party information.

References

http://www.vupen.com/english/advisories/2007/2719

http://www.joomla.org/content/view/3677/1/

http://secunia.com/advisories/26239

Details

Source: Mitre, NVD

Published: 2007-08-08

Updated: 2021-10-01

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium