ID CVE-2006-3171
Summary CRLF injection vulnerability in CS-Forum before 0.82 allows remote attackers to inject arbitrary email headers via a newline character in the email parameter to ajouter.php.
References
Vulnerable Configurations
  • cpe:2.3:a:comscripts:cs-forum:*:*:*:*:*:*:*:*
    cpe:2.3:a:comscripts:cs-forum:*:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 20-07-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
refmap via4
confirm http://www.comscripts.com/scripts/php.cs-forum.643.html
misc http://www.acid-root.new.fr/advisories/csforum081.txt
osvdb 26384
secunia 20534
vupen ADV-2006-2314
xf csforum-ajouter-header-injection(27177)
Last major update 20-07-2017 - 01:32
Published 23-06-2006 - 00:02
Last modified 20-07-2017 - 01:32
Back to Top