Vulnerabilities > CVE-2006-3171 - Remote Security vulnerability in Cs-Forum

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

comscripts

NVD

Published: 2006-06-23

Updated: 2017-07-20

Summary

CRLF injection vulnerability in CS-Forum before 0.82 allows remote attackers to inject arbitrary email headers via a newline character in the email parameter to ajouter.php.

Vulnerable Configurations

Part	Description	Count
Application	Comscripts Comscripts CS Forum *	1

References

http://secunia.com/advisories/20534
http://www.acid-root.new.fr/advisories/csforum081.txt
http://www.comscripts.com/scripts/php.cs-forum.643.html
http://www.osvdb.org/26384
http://www.vupen.com/english/advisories/2006/2314
https://exchange.xforce.ibmcloud.com/vulnerabilities/27177