CRLF injection vulnerability in index.php in phpWebSite 0.9.3-4 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the block_username parameter in the user module.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Phpwebsite | Phpwebsite | 0.7.3 (including) | 0.7.3 (including) |
| Phpwebsite | Phpwebsite | 0.8.2 (including) | 0.8.2 (including) |
| Phpwebsite | Phpwebsite | 0.8.3 (including) | 0.8.3 (including) |
| Phpwebsite | Phpwebsite | 0.9.3 (including) | 0.9.3 (including) |
| Phpwebsite | Phpwebsite | 0.9.3.1 (including) | 0.9.3.1 (including) |
| Phpwebsite | Phpwebsite | 0.9.3.2 (including) | 0.9.3.2 (including) |
| Phpwebsite | Phpwebsite | 0.9.3.3 (including) | 0.9.3.3 (including) |
| Phpwebsite | Phpwebsite | 0.9.3.4 (including) | 0.9.3.4 (including) |