CVE-2004-1516

Name of the Vulnerable Software and Affected Versions phpWebSite version 0.9.3-4

Description The issue concerns a CRLF injection vulnerability. This allows remote attackers to perform HTTP Response Splitting attacks, which can modify the expected HTML content from the server. The block username parameter in the user module is specifically vulnerable to this type of attack.

Recommendations For phpWebSite version 0.9.3-4, consider restricting access to the user module or avoiding the use of the block username parameter until a fix is available. As a temporary workaround, disabling the vulnerable functionality in the index.php file may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.