WEB APPLICATION VULNERABILITIES Standard & Premium

osCommerce Other Vulnerability (CVE-2005-1951)

Description

Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 Milestone 2 and earlier allow remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the (1) products_id or (2) pid parameter to index.php or (3) goto parameter to banner.php.

Remediation

References

Related Vulnerabilities

Drupal Core 4.5.x Mail Header Injection (4.5.0 - 4.5.7)

WordPress Plugin PayPlus Payment Gateway SQL Injection (7.0.7)

Oracle Database Server CVE-2008-2608 Vulnerability (CVE-2008-2608)

Oracle JRE CVE-2018-2795 Vulnerability (CVE-2018-2795)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-7832)

Severity

Medium

Classification

CVE-2005-1951

Tags

Missing Update Known Vulnerabilities