CVE-2006-6374

Name of the Vulnerable Software and Affected Versions PhpMyAdmin version 2.7.0-pl2

Description The issue allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a phpMyAdmin cookie in multiple files, including css/phpmyadmin.css.php, db create.php, index.php, left.php, libraries/session.inc.php, libraries/transformations/overview.php, querywindow.php, and server engines.php.

Recommendations For PhpMyAdmin version 2.7.0-pl2, consider updating to a newer version to mitigate the risk of CRLF injection and HTTP response splitting attacks. As a temporary workaround, restrict access to the vulnerable files to minimize the risk of exploitation. Avoid using CRLF sequences in phpMyAdmin cookies until the issue is resolved.