HTTP Response Splitting vulnerability in the Surveys module in PHP-Nuke 7.6 allows remote attackers to spoof web content and poison web caches via hex-encoded CRLF (%0d%0a) sequences in the forwarder parameter.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Php-nuke | Francisco_burzi | * | 7.5 (including) |
| Php-nuke | Francisco_burzi | 7.6 (including) | 7.6 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=111359804013536\u0026w=2
- http://secunia.com/advisories/14965
- http://www.digitalparadox.org/advisories/pnuke.txt
- http://www.osvdb.org/15647
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20116
- http://marc.info/?l=bugtraq\u0026m=111359804013536\u0026w=2
- http://secunia.com/advisories/14965
- http://www.digitalparadox.org/advisories/pnuke.txt
- http://www.osvdb.org/15647
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20116