Description
CRLF injection vulnerability in SnipSnap 0.5.2a, and other versions before 1.0b1, allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Maestro De-Seguridad · text · remote · multiple
https://www.exploit-db.com/exploits/24598
References (5)
Core References
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=109518773223511&w=2
Various Sources x_refsource_confirm
http://www.snipsnap.org/space/start
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17364
Exploit, Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/11180
Patch vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200409-23.xml
Scores
EPSS
0.0775
EPSS Percentile
92.0%
Details
Status
published
Products (1)
snipsnap/snipsnap
0.5.2a
Published
Dec 31, 2004
Tracked Since
Feb 18, 2026