CVE-2011-4545

PrestaShop 1.4.4.1 - CRLF Injection via admin/displayImage.php name Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-4545. PoCs published by RGouveia.

AI-analyzed exploit summary: This exploit demonstrates an HTTP response splitting vulnerability in PrestaShop by injecting CRLF sequences into the 'name' parameter of a GET request. The payload includes a batch command sequence, indicating potential for arbitrary command execution if the response is interpreted by a vulnerable client.

Description

CRLF injection vulnerability in admin/displayImage.php in Prestashop 1.4.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the name parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by RGouveia · text · webapps · php
https://www.exploit-db.com/exploits/36345


Classification: Working Poc 90%
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: PrestaShop 1.4.4.1
Auth required
Prerequisites: Access to an existing file in the 'upload/' folder with an MD5 hash as its name · Admin panel access or knowledge of the file structure
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/50785

Scores

EPSS 0.0377
EPSS Percentile 88.6%

Details

CWE CWE-94
Status published
Products (1)
prestashop/prestashop 1.4.4.1
Published Dec 02, 2011
Tracked Since Feb 18, 2026