| ID |
CVE-2006-5566
|
| Summary |
CRLF injection vulnerability in premium/index.php in Shop-Script allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the (1) links_exchange, (2) news, (3) search_with_change_category_ability, (4) logging, (5) feedback, (6) show_price, (7) register, (8) answer, (9) productID, and (10) inside parameters. |
| References |
|
| Vulnerable Configurations |
|
| CVSS |
| Base: | 5.0 (as of 17-10-2018 - 21:43) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| NONE |
PARTIAL |
NONE |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
| refmap
via4
|
| bid | 20685 | | bugtraq | 20061023 Multiple HTTP response splitting vulnerabilities in SHOP-SCRIPT | | secunia | 22541 | | sreason | 1791 | | vupen | ADV-2006-4219 |
|
| Last major update |
17-10-2018 - 21:43 |
| Published |
27-10-2006 - 16:07 |
| Last modified |
17-10-2018 - 21:43 |
