CVE-2007-2046

Multiple CRLF injection vulnerabilities in adclick.php in (a) Openads (phpAdsNew) 2.0.11 and earlier and (b) Openads for PostgreSQL (phpPgAds) 2.0.11 and earlier allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in (1) the dest parameter and (2) the Referer HTTP header. NOTE: some of these details are obtained from third party information.

Published: Apr 17, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-2046
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
openads / openads	-	2.0.11.x

http://forum.openads.org/index.php?showtopic=503413399&pid=39136
http://secunia.com/advisories/24876
http://sourceforge.net/forum/forum.php?forum_id=685278
http://sourceforge.net/project/shownotes.php?release_id=500343
http://www.vupen.com/english/advisories/2007/1364

Vulnerability Database

CVE-2007-2046

Deep Security Visibility Without the Complexity