CVE-2007-4190

Joomla! < 1.0.13 - CRLF Injection via URL Parameter

Title source: llm

Description

CRLF injection vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to inject arbitrary HTTP headers and probably conduct HTTP response splitting attacks via CRLF sequences in the url parameter. NOTE: this can be leveraged for cross-site scripting (XSS) attacks. NOTE: some of these details are obtained from third party information.

References (4)

Core References
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26239
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/38739
Vendor Advisory x_refsource_misc
http://www.joomla.org/content/view/3677/1/
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/2719

Scores

EPSS 0.0002
EPSS Percentile 5.5%

Details

CWE
CWE-74
Status published
Products (2)
joomla/application 0 - 1.0.13 (Packagist)
joomla/joomla\! < 1.0.13
Published Aug 08, 2007
Tracked Since Feb 18, 2026