CRLF Injection Vulnerability in SocialEngine by Web Dzine
CVE-2008-6121

Currently unrated

Key Information:

Vendor
CVE Published: 11 February 2009

What is CVE-2008-6121?

A CRLF injection vulnerability exists in SocialEngine versions 2.7 and earlier. A remote attacker can inject arbitrary HTTP headers by manipulating the PHPSESSID cookie. This can lead to HTTP response splitting, in which content crafted by the attacker is delivered to unsuspecting users as part of the server's response. Businesses running affected versions should apply security updates to mitigate potential exploits and protect user data.
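The following is an added defensive example, not SocialEngine code: it classifies the PHPSESSID value in a request's Cookie header so that CR/LF sequences, raw or percent-encoded, can be logged and rejected before the value is reused in any response header. The function names are hypothetical, and the allowlist is an assumption based on the characters PHP's default file session handler accepts.

```python
import re
from urllib.parse import unquote

# Assumption: characters PHP's default file session handler accepts in an ID.
SAFE_ID = re.compile(r"[A-Za-z0-9,-]{1,128}")
COOKIE_NAME = "PHPSESSID"

def extract_session_id(cookie_header):
    """Return the raw PHPSESSID value from a Cookie header, or None."""
    for part in cookie_header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name == COOKIE_NAME:
            return value
    return None

def classify(cookie_header):
    """Return 'absent', 'ok', 'crlf' or 'malformed' for the session cookie."""
    raw = extract_session_id(cookie_header)
    if raw is None:
        return "absent"
    # Decode repeatedly so double encoding (%250d%250a) is caught as well.
    decoded = raw
    for _ in range(3):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    if "\r" in decoded or "\n" in decoded:
        return "crlf"
    return "ok" if SAFE_ID.fullmatch(raw) else "malformed"

def safe_session_id(cookie_header):
    """Value that may be reused in a response header, else None (issue a new ID)."""
    return extract_session_id(cookie_header) if classify(cookie_header) == "ok" else None

# Constructed sample Cookie header values, not captured traffic.
SAMPLES = [
    "lang=en; PHPSESSID=9f2c1a7b5d3e4f60a1b2c3d4e5f60718",
    "PHPSESSID=abc%0d%0aX-Injected: 1",
    "PHPSESSID=abc%250d%250aX-Injected: 1",
    "PHPSESSID=abc def<>",
    "lang=en",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{classify(s):9} {s!r}")
```

Requests classified as `crlf` are worth alerting on; `malformed` values should simply be discarded and a fresh session ID issued.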

Timeline

  • Vulnerability published

  • Vulnerability Reserved
