Devellion: >> Cubecart >> 3.0.15 Security Vulnerabilities
Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a cookie name beginning with "ccSID" to (1) cart.php or (2) index.php.
CVSS Score
5.0
EPSS Score
0.006
Published
2007-05-09