CVE-2007-3709

Name of the Vulnerable Software and Affected Versions CodeIgniter version 1.5.3

Description The issue concerns a CRLF injection vulnerability in the redirect function within the url helper.php file. This vulnerability allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in an unspecified parameter. For example, an attacker could inject a Set-Cookie header.

Recommendations For CodeIgniter version 1.5.3, consider restricting access to the redirect function in url helper.php to minimize the risk of exploitation. As a temporary workaround, avoid using the vulnerable redirect function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.