Unrated severityNVD Advisory· Published Nov 18, 2005· Updated Apr 16, 2026

CVE-2005-3348

Description

HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egroupware before 1.0.0.009, allows remote attackers to spoof web content and poison web caches via CRLF sequences in the charset parameter.

Affected products

Phpsysinfo/Phpsysinfo4 versions
cpe:2.3:a:phpsysinfo:phpsysinfo:2.0:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:phpsysinfo:phpsysinfo:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:phpsysinfo:phpsysinfo:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:phpsysinfo:phpsysinfo:2.3:*:*:*:*:*:*:*
- cpe:2.3:a:phpsysinfo:phpsysinfo:2.4:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.debian.org/security/2005/dsa-898nvdPatchVendor Advisory
secunia.com/advisories/17441nvd
secunia.com/advisories/17570nvd
secunia.com/advisories/17584nvd
secunia.com/advisories/17616nvd
secunia.com/advisories/17620nvd
secunia.com/advisories/17643nvd
secunia.com/advisories/17698nvd
www.debian.org/security/2005/dsa-897nvd
www.debian.org/security/2005/dsa-899nvd
www.gentoo.org/security/en/glsa/glsa-200511-18.xmlnvd
www.hardened-php.net/advisory_212005.81.htmlnvd
www.mandriva.com/security/advisoriesnvd
www.securityfocus.com/archive/1/416543nvd
www.securityfocus.com/bid/15396nvd
www.securityfocus.com/bid/15414nvd
exchange.xforce.ibmcloud.com/vulnerabilities/23107nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000