Lucene search
HistoryOct 03, 2022 - 4:20 p.m.
CVE-2014-9182
cve-2014-9182
anchor cms
security vulnerability
injection
mail header manipulation
nvd
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.8 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
51.0%
models/comment.php in Anchor CMS 0.9.2 and earlier allows remote attackers to inject arbitrary headers into mail messages via a crafted Host: header.
Affected configurations
Node
anchorcmsanchor_cmsRange≤0.9.2
ORanchorcmsanchor_cmsMatch0.9.1
| CPE | Name | Operator | Version |
|---|---|---|---|
| anchorcms:anchor_cms | anchorcms anchor cms | le | 0.9.2 |
| anchorcms:anchor_cms | anchorcms anchor cms | eq | 0.9.1 |
Related
packetstorm
packetstorm
Anchor CMS 0.9.2 Header Injection
2014-11-10 00:00:00
veracode
veracode
Header Injection
2017-07-30 20:57:02
nvd
nvd
CVE-2014-9182
2014-12-02 18:59:00
prion
prion
Design/Logic Flaw
2014-12-02 18:59:00
cvelist
cvelist
CVE-2014-9182
2022-10-03 16:20:39
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.8 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
51.0%
Related for CVE-2014-9182