CVE-2007-4190: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

May 1, 2022 (updated September 22, 2023)

CRLF injection vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to inject arbitrary HTTP headers and probably conduct HTTP response splitting attacks via CRLF sequences in the url parameter. NOTE: this can be leveraged for cross-site scripting (XSS) attacks. NOTE: some of these details are obtained from third party information.

References

github.com/advisories/GHSA-h22q-g2c7-2jwj
nvd.nist.gov/vuln/detail/CVE-2007-4190
web.archive.org/web/20071001212343/http://www.joomla.org/content/view/3677/1/

Code Behaviors & Features

Detect and mitigate CVE-2007-4190 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →