vulnerable to http header injection
Issue #249
resolved
Originally reported on Google Code with ID 249
The "filename" parameter of the "phpliteadmin.php" script, when invoked as "/manager/phpliteadmin.php?view=export"
is vulnerable to http header injection [0]
Found this during an automated scan, verified and seems to work. Tested against 1.9.3.3
This is a low risk vulnerability
[0] http://en.wikipedia.org/wiki/HTTP_header_injection
Reported by andres.riancho
on 2014-04-23 18:38:40
Comments (4)
-
-
reporter Agreed on all your comments.
Reported by
andres.riancho
on 2014-04-23 21:58:09 -
Reported by
crazy4chrissi
on 2014-05-22 20:08:21 - Labels added: Target-1.9.6 -
Fixed this in git with rev 6922a7df4e2b629d8ae54bb482b0677b02104df3
Reported by
crazy4chrissi
on 2014-12-26 23:26:48 - Status changed:Fixed
- Log in to comment
Reported by
crazy4chrissi
on 2014-04-23 21:53:08 - Status changed:Accepted