CVE-2004-2146

Name of the Vulnerable Software and Affected Versions PD9 Software MegaBBS versions 2 and 2.1

Description The issue concerns a CRLF injection vulnerability that allows attackers to conduct HTTP response splitting attacks. This is achieved by exploiting the fid parameter in a writenew action to the "thread-post.asp" endpoint.

Recommendations For PD9 Software MegaBBS versions 2 and 2.1, avoid using the fid parameter in the "thread-post.asp" endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the writenew action in "thread-post.asp" to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.