PrestaShop CVE-2011-4545 vulnerability

Core

Score

5 Medium

Date publish

02-12-2011

Versiones afectadas

  • Versions from 1.4.4.1 up to and including 1.4.4.1

Description

CRLF injection vulnerability in admin/displayImage.php in Prestashop 1.4.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the name parameter.

References

Metrics

cvssMetricV2
sourcenvd@nist.gov
typePrimary
version2.0
vectorStringAV:N/AC:L/Au:N/C:N/I:P/A:N
baseScore5
accessVectorNETWORK
accessComplexityLOW
authenticationNONE
confidentialityImpactNONE
integrityImpactPARTIAL
availabilityImpactNONE
baseSeverityMEDIUM
exploitabilityScore10
impactScore2.9
acInsufInfoFalse
obtainAllPrivilegeFalse
obtainUserPrivilegeFalse
obtainOtherPrivilegeFalse
userInteractionRequiredFalse
Scroll al inicio