CVE-2014-2017
MEDIUM
OXID eShop <4.7.11-4.8.4, <5.0.11-5.1.4 - CRLF Injection
CRLF injection vulnerability in OXID eShop Professional Edition before 4.7.11 and 4.8.x before 4.8.4, Enterprise Edition before 5.0.11 and 5.1.x before 5.1.4, and Community Edition before 4.7.11 and 4.8.x before 4.8.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Exploits (1)
Scores
CVSS v3: 6.1
EPSS: 0.0219
EPSS Percentile: 84.1%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Classification
CWE: CWE-93
Status: published
Affected Products (3)
oxidforge/eshop < 4.7.11
oxidforge/eshop < 5.0.11
oxidforge/eshop < 4.7.11
Timeline
Published: Jan 18, 2018
Tracked Since: Feb 18, 2026