PT-2007-3389 · Openads · Openads+1

Published: 2007-04-16 · Updated: 2011-03-08 · CVE-2007-2046

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Openads (phpAdsNew) versions 2.0.11 and earlier
Openads for PostgreSQL (phpPgAds) versions 2.0.11 and earlier

Description

The issue allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the dest parameter and the Referer HTTP header.

Recommendations

For Openads (phpAdsNew) versions 2.0.11 and earlier, update to a version later than 2.0.11 to resolve the issue. For Openads for PostgreSQL (phpPgAds) versions 2.0.11 and earlier, update to a version later than 2.0.11 to resolve the issue. As a temporary workaround, consider restricting access to the adclick.php file and avoiding the use of the dest parameter in the affected API endpoint until a patch is available.
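
To check whether requests to adclick.php carried CRLF sequences in the dest parameter or the Referer header, access logs can be scanned as in the following added example, which is not part of the advisory or of the Openads code. It assumes Apache combined log format with Apache-style escaping of control bytes; the function names and the log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumed format: Apache "combined" log (request line, status, size, Referer, UA).
LOG_RE = re.compile(
    r'"[A-Z]+ (?P<target>\S+) [^"]*" \d{3} \S+ "(?P<referer>(?:[^"\\]|\\.)*)"')
# Raw CR/LF, or the \r, \n, \x0d, \x0a escapes Apache writes for control bytes.
CRLF_RE = re.compile(r'[\r\n]|\\r|\\n|\\x0[ad]', re.IGNORECASE)

def has_crlf(value, max_rounds=3):
    """True if value holds CR/LF, raw or under up to max_rounds of percent-encoding."""
    for _ in range(max_rounds + 1):
        if CRLF_RE.search(value):
            return True
        decoded = unquote(value)
        if decoded == value:
            return False
        value = decoded
    return False

def inspect_line(line, script="adclick.php", param="dest"):
    """Return which of 'dest' / 'referer' carry CR/LF in one adclick.php log line."""
    m = LOG_RE.search(line)
    if not m:
        return []
    path, _, query = m.group("target").partition("?")
    if not path.endswith("/" + script):
        return []
    hits = []
    for pair in query.split("&"):
        name, _, raw = pair.partition("=")
        if unquote(name) == param and has_crlf(raw):
            hits.append(param)
            break
    # Apache logs a literal backslash as \\ ; drop those pairs before matching escapes.
    if has_crlf(m.group("referer").replace("\\\\", "")):
        hits.append("referer")
    return hits

# Constructed sample lines (not from a real server).
SAMPLE_LOG = [
    r'203.0.113.5 - - [16/Apr/2007:10:00:00 +0000] "GET /adclick.php?bannerid=1&dest=http%3A%2F%2Fexample.test%2F HTTP/1.1" 302 0 "http://example.test/page" "UA"',
    r'203.0.113.6 - - [16/Apr/2007:10:00:01 +0000] "GET /adclick.php?bannerid=1&dest=http%3A%2F%2Fexample.test%2F%0d%0aX-Constructed%3A%201 HTTP/1.1" 302 0 "-" "UA"',
    r'203.0.113.7 - - [16/Apr/2007:10:00:02 +0000] "GET /adclick.php?dest=http%3A%2F%2Fexample.test%2F%250d%250aX-Constructed%253A%25201 HTTP/1.1" 302 0 "-" "UA"',
    r'203.0.113.8 - - [16/Apr/2007:10:00:03 +0000] "GET /adclick.php?bannerid=2 HTTP/1.1" 302 0 "http://example.test/\r\nX-Constructed: 1" "UA"',
]

def scan(lines):
    return {n: hits for n, line in enumerate(lines, 1) if (hits := inspect_line(line))}
```

Percent-encoded CR/LF in the Referer is flagged as well, so hits on that field are candidates for review rather than confirmed injections.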

Fix


Related Identifiers

CVE-2007-2046

Affected Products

Openads
Openads For Postgresql