CVE-2011-4545
PrestaShop 1.4.4.1 - CRLF Injection via admin/displayImage.php name Parameter
Exploitation Summary
EIP tracks 1 public exploit for CVE-2011-4545. PoCs published by RGouveia.
AI-analyzed exploit summary: This exploit demonstrates an HTTP response splitting vulnerability in PrestaShop by injecting CRLF sequences into the 'name' parameter of a GET request. The payload includes a batch command sequence, indicating potential for arbitrary command execution if the response is interpreted by a vulnerable client.
Description
CRLF injection vulnerability in admin/displayImage.php in PrestaShop 1.4.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the name parameter.
Exploits (1)
This exploit demonstrates an HTTP response splitting vulnerability in PrestaShop by injecting CRLF sequences into the 'name' parameter of a GET request. The payload includes a batch command sequence, indicating potential for arbitrary command execution if the response is interpreted by a vulnerable client.