Description
CRLF injection vulnerability in admin/displayImage.php in Prestashop 1.4.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the name parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by RGouveia · textwebappsphp
https://www.exploit-db.com/exploits/36345
References (2)
Core 2
Core References
Exploit x_refsource_misc
https://www.dognaedis.com/vulns/DGS-SEC-7.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/50785
Scores
EPSS
0.0334
EPSS Percentile
87.4%
Details
CWE
CWE-94
Status
published
Products (1)
prestashop/prestashop
1.4.4.1
Published
Dec 02, 2011
Tracked Since
Feb 18, 2026