Main Vulnerability Database Vulnerabilities #VU44476

#VU44476 Code Injection in PrestaShop - CVE-2011-4545

Published: December 2, 2011 / Updated: August 11, 2020

Vulnerability identifier: #VU44476

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/U:Green

CVE-ID: CVE-2011-4545

CWE-ID: CWE-94

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
PrestaShop

Software vendor:
PrestaShop SA

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

CRLF injection vulnerability in admin/displayImage.php in Prestashop 1.4.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the name parameter.

Remediation

Install update from vendor's website.

External links

http://www.securityfocus.com/bid/50785
https://www.dognaedis.com/vulns/DGS-SEC-7.html

#VU44476 Code Injection in PrestaShop - CVE-2011-4545

Description

Remediation

External links

Please verify you're human