CVE-2012-2943
Published 2012-05-27
CVE-2012-2943: CRLF injection vulnerability in cryptographp.inc.php in Cryptographp allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response…
Priority P4 · 29 · medium · CVSS 2.0: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.99% (78.2th percentile)
CRLF injection vulnerability in cryptographp.inc.php in Cryptographp allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the cfg parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| monstra | monstra | — | — |
GHSA
GHSA-jp78-f6xg-rhj6: CRLF injection vulnerability in cryptographp
ghsa_unreviewed·2022-05-17
CVE-2012-2943 [MEDIUM] GHSA-jp78-f6xg-rhj6: CRLF injection vulnerability in cryptographp
CRLF injection vulnerability in cryptographp.inc.php in Cryptographp allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the cfg parameter.
GHSA
GHSA-mwcj-9fqh-rc64: Monstra CMS V3
ghsa_unreviewed·2022-05-14·CVSS 5.0
CVE-2018-16979 [MEDIUM] CWE-113 GHSA-mwcj-9fqh-rc64: Monstra CMS V3
Monstra CMS V3.0.4 allows HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter, a related issue to CVE-2012-2943.
No detection rules found.
Nuclei
Monstra CMS 3.0.4 - HTTP Header Injection
nuclei·CVSS 5.0
CVE-2018-16979 [MEDIUM] Monstra CMS 3.0.4 - HTTP Header Injection
Monstra CMS 3.0.4 is susceptible to HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter. An attacker can potentially supply invalid input and cause the server to allow redirects to attacker-controlled domains, perform cache poisoning, and/or allow improper access to virtual hosts not intended for this purpose. This is a related issue to CVE-2012-2943.
Template:
```yaml
id: CVE-2018-16979
info:
  name: Monstra CMS 3.0.4 - HTTP Header Injection
  author: 0x_Akoko
  severity: medium
  description: |
    Monstra CMS 3.0.4 is susceptible to HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter. An attacker can potentially supply invalid input and cause the server to allow redirects to attacker-controlled domains
```
No writeups or analysis indexed.
http://packetstormsecurity.org/files/112859/Cryptographp-Local-File-Inclusion-HTTP-Response-Splitting.html
http://www.securityfocus.com/bid/53609
https://exchange.xforce.ibmcloud.com/vulnerabilities/75768
Published: 2012-05-27