CVE-2005-2060

Name of the Vulnerable Software and Affected Versions: Infopop UBB.Threads versions prior to 6.5.2 Beta

Description: The issue allows remote attackers to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the Cat parameter. This is possible due to HTTP Response Splitting vulnerabilities in multiple files, including toggleshow.php, togglecats.php, and showprofile.php.

Recommendations: For versions prior to 6.5.2 Beta, update to version 6.5.2 Beta or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable files toggleshow.php, togglecats.php, and showprofile.php to minimize the risk of exploitation. Avoid using the Cat parameter in the affected API endpoints until the issue is resolved.