Description

CRLF injection vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the (1) c_type and possibly (2) file_type parameters.

Remediation

References

CVE-2009-1149

Related Vulnerabilities

Mailman Other Vulnerability (CVE-2001-0884)

WordPress Plugin Timetable and Event Schedule by MotoPress Cross-Site Request Forgery (2.4.1)

WordPress Plugin Smash Balloon Social Post Feed Cross-Site Scripting (4.1)

WordPress Plugin Custom Banners Cross-Site Request Forgery (3.2.2)

WordPress Plugin Woocommerce-Recent Purchases Local File Inclusion (1.0.1)

Severity

High

Classification

CVE-2009-1149 CWE-20

Tags

Missing Update Known Vulnerabilities