CVE-2007-4190 joomla/application

Package

Manager: composer
Name: joomla/application
Vulnerable Version: >=0 <1.0.13

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 9e-05 (percentile: 0.00624)

Details

Joomla! vulnerable to CRLF injection

CRLF injection vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to inject arbitrary HTTP headers and probably conduct HTTP response splitting attacks via CRLF sequences in the url parameter. NOTE: this can be leveraged for cross-site scripting (XSS) attacks. NOTE: some of these details are obtained from third party information.

Metadata

Created: 2022-05-01T18:21:10Z
Modified: 2023-09-22T21:41:58Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-h22q-g2c7-2jwj/GHSA-h22q-g2c7-2jwj.json
CWE IDs: ["CWE-93"]
Alternative ID: GHSA-h22q-g2c7-2jwj
Finding: F184
Auto approve: 1