GoogleOSV:GHSA-XRPQ-63MP-9VCWphpMyAdmin HTTP Response Splitting Vulnerability
7.1 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.011 Low
EPSS
Percentile
84.4%
CRLF injection vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the (1) c_type and possibly (2) file_type parameters.
References
lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_3_1_3/phpMyAdmin/bs_disp_as_mime_type.php?r1=12303&r2=12302&pathrev=12303
www.phpmyadmin.net/home_page/security/PMASA-2009-1.php
github.com/phpmyadmin/composer
github.com/phpmyadmin/phpmyadmin/commit/69bfbf11c7e9487dfa96293aaa797ff14bb513f0
nvd.nist.gov/vuln/detail/CVE-2009-1149
Related
7.1 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.011 Low
EPSS
Percentile
84.4%