CVE-2007-2618

Published: May 11, 2007Modified: Apr 23, 2026

5.1

Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability: 4.9 / Impact: 6.4

Source: NVD

Description

CRLF injection vulnerability in index.php in Drake CMS 0.4.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the lang parameter. NOTE: Drake CMS has only a beta version available, and the vendor has previously stated "We do not consider security reports valid until the first official release of Drake CMS."

Affected (1)

Products: Drake Team: Drake Cms

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Drake Team Drake Cms	Version 0.4.0

References (10)

http://osvdb.org/37303

Source: cve@mitre.org

http://securityreason.com/securityalert/2691

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/467829/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/23851

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/34145

Source: cve@mitre.org

http://osvdb.org/37303

Source: af854a3a-2127-422b-91ae-364da2661108

http://securityreason.com/securityalert/2691

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/467829/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/23851

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/34145

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.