CVE-2004-2054: CRLF Injection

First published: Fri Dec 31 2004(Updated: )

CRLF injection vulnerability in PhpBB 2.0.4 and 2.0.9 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via (1) the mode parameter to privmsg.php or (2) the redirect parameter to login.php.

Credit: cve@mitre.org

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/nvd-historical
• collector/nvd-index
• agent/weakness
• agent/references
• agent/severity
• agent/author
• agent/type
• agent/description
• agent/event
• agent/first-publish-date
• agent/softwarecombine
• agent/last-modified-date
• agent/tags
• collector/mitre-cve
• source/MITRE
• vendor/phpbb group
• canonical/phpbb group phpbb
• version/phpbb group phpbb/2.0.5
• version/phpbb group phpbb/2.0.7a
• version/phpbb group phpbb/2.0.8
• version/phpbb group phpbb/2.0.1
• version/phpbb group phpbb/2.0.3
• version/phpbb group phpbb/2.0_rc2
• version/phpbb group phpbb/2.0_rc1
• version/phpbb group phpbb/2.0.4
• version/phpbb group phpbb/2.0.9
• version/phpbb group phpbb/2.0.7
• version/phpbb group phpbb/2.0.8a
• version/phpbb group phpbb/2.0.6d
• version/phpbb group phpbb/2.0.2
• version/phpbb group phpbb/2.0.6c
• version/phpbb group phpbb/2.0_rc4
• version/phpbb group phpbb/2.0.6
• version/phpbb group phpbb/2.0.0
• version/phpbb group phpbb/2.0_rc3
• version/phpbb group phpbb/2.0_beta1