Description
CRLF injection vulnerability in subscribe_thread.php in w-Agora 4.1.6a allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the thread parameter.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Alexander Antipov · textwebappsphp
https://www.exploit-db.com/exploits/24651
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17558
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1011463
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/12695
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/11283
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=109655691512298&w=2
Exploit, Vendor Advisory mailing-list
x_refsource_fulldisc
http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/027040.html
Scores
EPSS
0.0619
EPSS Percentile
90.9%
Details
Status
published
Products (1)
w-agora/w-agora
4.1.6a
Published
Dec 31, 2004
Tracked Since
Feb 18, 2026