Vulnerabilities > CVE-2005-4712 - Remote Security vulnerability in PHP Handicapper

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

php-handicapper

NVD

Published: 2005-12-31

Updated: 2008-09-05

Summary

CRLF injection vulnerability in process_signup.php in PHP Handicapper allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the login parameter. NOTE: the vendor has disputed CVE-2005-3497, and it is possible that the dispute was intended to include this issue as well.

Vulnerable Configurations

Part	Description	Count
Application	Php_Handicapper PHP Handicapper PHP Handicapper *	1

References

http://www.zone-h.org/advisories/read/id=8360