Vulnerabilities > CVE-2006-5566 - HTTP Response Splitting vulnerability in Shop-Script

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
webasyst-llc
exploit available
NVD
Published: 2006-10-27
Updated: 2018-10-17

Summary

CRLF injection vulnerability in premium/index.php in Shop-Script allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the (1) links_exchange, (2) news, (3) search_with_change_category_ability, (4) logging, (5) feedback, (6) show_price, (7) register, (8) answer, (9) productID, and (10) inside parameters.

Vulnerable Configurations

Part Description Count
Application
Webasyst_Llc
1

Exploit-Db

descriptionShop-Script Multiple HTTP Response Splitting Vulnerabilities. CVE-2006-5566. Webapps exploit for php platform
idEDB-ID:28845
last seen2016-02-03
modified2006-10-23
published2006-10-23
reporterDebasis Mohanty
sourcehttps://www.exploit-db.com/download/28845/
titleShop-Script Multiple HTTP Response Splitting Vulnerabilities

References