Joomla! vulnerable to CRLF injection
Moderate severity
GitHub Reviewed
Published May 1, 2022 to the GitHub Advisory Database • Updated Sep 22, 2023
Published by the National Vulnerability Database: Aug 8, 2007
Published to the GitHub Advisory Database: May 1, 2022
Reviewed: Sep 22, 2023
Last updated: Sep 22, 2023
Description
CRLF injection vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to inject arbitrary HTTP headers and probably conduct HTTP response splitting attacks via CRLF sequences in the url parameter. NOTE: this can be leveraged for cross-site scripting (XSS) attacks. NOTE: some of these details are obtained from third party information.
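The check below is an added example, not code from Joomla! or from this advisory: it shows one way to refuse CR/LF sequences, raw or percent-encoded, in a value such as the url parameter before that value is placed in a response header. The function names and the sample values are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not Joomla! code. Function names are hypothetical.

/**
 * True if $value contains CR, LF or any other control byte,
 * either raw or hidden behind one or more layers of percent-encoding.
 */
function contains_header_break(string $value, int $maxDecodes = 3): bool
{
    for ($i = 0; $i <= $maxDecodes; $i++) {
        // A control byte in a header value can end the header line early.
        if (preg_match('/[\x00-\x1F\x7F]/', $value) === 1) {
            return true;
        }
        $decoded = rawurldecode($value);
        if ($decoded === $value) {
            return false; // fully decoded and still clean
        }
        $value = $decoded; // peel one encoding layer and check again
    }
    return true; // still changing after $maxDecodes rounds: reject
}

/** Returns a Location header line for $url, or null when it must be rejected. */
function location_header(string $url): ?string
{
    return contains_header_break($url) ? null : 'Location: ' . $url;
}

// Constructed sample values for the url parameter.
$samples = [
    '/index.php?option=com_content',        // ordinary value
    "/index.php\r\nX-Injected: 1",          // raw CRLF
    '/index.php%0d%0aX-Injected:%201',      // percent-encoded CRLF
    '/index.php%250d%250aX-Injected:%201',  // double-encoded CRLF
];

foreach ($samples as $url) {
    $line = location_header($url);
    printf("%-45s => %s\n", json_encode($url), $line === null ? 'rejected' : 'accepted');
}
```

Rejecting the value outright, rather than stripping the offending bytes, avoids producing a different URL than the one that was validated.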