Crlf injection

2009-03-2614:30:00

PRIOn knowledge base

www.prio-n.com

7.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.2%

JSON

CRLF injection vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the (1) c_type and possibly (2) file_type parameters.

CPENameOperatorVersion
phpmyadmineq3.1.2
phpmyadmineq3.1.0
phpmyadmineq3.1.1 rc1
phpmyadmineq3.1.1
phpmyadmineq3.1.3 rc1
phpmyadmineq3.1.0.0
phpmyadmineq3.1.2 rc1
phpmyadminle3.1.3

Name	Operator	Version
phpmyadmin	eq	3.1.2
phpmyadmin	eq	3.1.0
phpmyadmin	eq	3.1.1 rc1
phpmyadmin	eq	3.1.1
phpmyadmin	eq	3.1.3 rc1
phpmyadmin	eq	3.1.0.0
phpmyadmin	eq	3.1.2 rc1
phpmyadmin	le	3.1.3