CVE-2007-4190 — Injection in Joomla !

CWE-74 — Injection CWE-93 — CRLF Injection3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.0%

top 95.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Joomla !Joomla Application

Timeline

PublishedAug 8

Latest updateMay 1

Description

CRLF injection vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to inject arbitrary HTTP headers and probably conduct HTTP response splitting attacks via CRLF sequences in the url parameter. NOTE: this can be leveraged for cross-site scripting (XSS) attacks. NOTE: some of these details are obtained from third party information.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDjoomla/joomla_!< 1.0.13

▶Packagistjoomla/application< 1.0.13

Patches

Patch: secunia.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

Joomla! vulnerable to CRLF injection↗2022-05-01

▶

OSV

Joomla! vulnerable to CRLF injection↗2022-05-01

▶