CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and previous versions allows remote malicious users to conduct HTTP response splitting attacks to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the PHPSESSID parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
codeworx technologies dcp-portal 5.0.2 |
||
codeworx technologies dcp-portal 5.1 |
||
codeworx technologies dcp-portal 3.7 |
||
codeworx technologies dcp-portal 4.0 |
||
codeworx technologies dcp-portal 4.1 |
||
codeworx technologies dcp-portal 4.2 |
||
codeworx technologies dcp-portal 5.3.1 |
||
codeworx technologies dcp-portal |
||
codeworx technologies dcp-portal 5.2 |
||
codeworx technologies dcp-portal 5.3 |
||
codeworx technologies dcp-portal 4.5.1 |
||
codeworx technologies dcp-portal 5.0.1 |