CVE-2007-0892

phpMyVisites <2.2 - CRLF Injection

Title source: llm

Description

CRLF injection vulnerability in phpMyVisites before 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the url parameter, when the pagename parameter begins with "FILE:".

References (4)

[Broken Link] http://osvdb.org/33177

[Third Party Advisory] http://marc.info/?l=full-disclosure&m=117121596803908&w=2

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/459792/100/0/threaded

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/32428

Scores

EPSS 0.0078

EPSS Percentile 73.8%

Details

CWE

CWE-93

Status published

Products (9)

matthieu_aubry/phpmyvisites 0.1_beta

matthieu_aubry/phpmyvisites 1.0

matthieu_aubry/phpmyvisites 1.1

matthieu_aubry/phpmyvisites 1.2

matthieu_aubry/phpmyvisites 1.2.1

matthieu_aubry/phpmyvisites 1.2.2

matthieu_aubry/phpmyvisites 1.2_beta

matthieu_aubry/phpmyvisites 1.3

matthieu_aubry/phpmyvisites < 2.1

Published Feb 12, 2007

Tracked Since Feb 18, 2026