Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-1584 — CRLF Injection in Wordpress

5 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

16.0%

top 5.22%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Wordpress Debian Wordpress

Timeline

PublishedDec 31

Latest updateApr 29

Description

CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the text parameter.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/wordpress< wordpress 1.2.1-1.1 (bookworm)

▶Debianwordpress/wordpress< 1.2.1-1.1+3

▶NVDwordpress/wordpress1.2

Patches

Patch: secunia.com ↗Patch: wordpress.org ↗Patch: www.gentoo.org ↗

🔴Vulnerability Details

GHSA

GHSA-f4rg-5qc9-c5v5: CRLF injection vulnerability in wp-login↗2022-04-29

▶

OSV

CVE-2004-1584: CRLF injection vulnerability in wp-login↗2004-12-31

▶

💥Exploits & PoCs

Exploit-DB

WordPress Core 1.2 - HTTP Splitting↗2004-10-10

▶

📋Vendor Advisories

Debian

CVE-2004-1584: wordpress - CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows remote atta...↗2004

▶