Description
CRLF injection vulnerability in calendar/set.php in the Calendar subsystem in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2019-2517 Vulnerability (CVE-2019-2517)
PHP Other Vulnerability (CVE-2003-0860)
WordPress Plugin Font Uploader 'font-upload.php' Arbitrary File Upload (1.2.4)
WordPress Plugin Katalyst TimThumb 'timthumb.php' Arbitrary File Upload (1.0)
WordPress Plugin Mail logging-WP Mail Catcher Cross-Site Scripting (2.1.2)