CVE-2007-3686 - CRLF injection vulnerability in db.php in Unobtrusive Ajax Star Rating Bar before 1.2.0 allows remot

CVE-2007-3686

Summary

CRLF injection vulnerability in db.php in Unobtrusive Ajax Star Rating Bar before 1.2.0 allows remote attackers to inject arbitrary HTTP headers and data via CRLF sequences in the HTTP_REFERER parameter.

References

http://secunia.com/advisories/25985
http://www.cirt.net/advisories/unobtrusive_ajax_star_rating.shtml
http://www.osvdb.org/35936
http://www.securityfocus.com/bid/24840
https://exchange.xforce.ibmcloud.com/vulnerabilities/35329

Vulnerable Configurations

cpe:2.3:a:masuga_design:unobtrusive_ajax_star_rating_bar:*:*:*:*:*:*:*:*
cpe:2.3:a:masuga_design:unobtrusive_ajax_star_rating_bar:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 29-07-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	24840
misc	http://www.cirt.net/advisories/unobtrusive_ajax_star_rating.shtml
osvdb	35936
secunia	25985
xf	unobtrusive-ajax-db-crlf-injection(35329)

Last major update

29-07-2017 - 01:32

Published

11-07-2007 - 17:30

Last modified

29-07-2017 - 01:32