CRLF injection vulnerability in users.php in Siteman 1.1.10 and earlier allows remote attackers to add arbitrary users and gain privileges via the line parameter in a docreate operation.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Siteman | Siteman | 1.1.9 (including) | 1.1.9 (including) |
| Siteman | Siteman | 1.1.10 (including) | 1.1.10 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=110627350616949\u0026w=2
- http://marc.info/?l=bugtraq\u0026m=110643320814371\u0026w=2
- http://securitytracker.com/id?1012951
- http://www.osvdb.org/13131
- http://www.securityfocus.com/bid/12304
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18998
- http://marc.info/?l=bugtraq\u0026m=110627350616949\u0026w=2
- http://marc.info/?l=bugtraq\u0026m=110643320814371\u0026w=2
- http://securitytracker.com/id?1012951
- http://www.osvdb.org/13131
- http://www.securityfocus.com/bid/12304
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18998