2 matches found
CVE-2023-4767 Improper Neutralization of CRLF Sequences in ManageEngine Desktop Central
A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATEID/1613157927228/InvSWMetering.c...
CVE-2023-4767
CVE-2023-4767 describes a CRLF injection in ManageEngine Desktop Central v9.1.0. The vulnerability affects the fileName parameter in the endpoint "/STATE_ID/1613157927228/InvSWMetering.csv", enabling an attacker to inject arbitrary HTTP headers and perform HTTP response splitting. Exploitation st...