Unrated severityNVD Advisory· Published Jul 11, 2007· Updated Apr 23, 2026

CVE-2007-3686

Description

CRLF injection vulnerability in db.php in Unobtrusive Ajax Star Rating Bar before 1.2.0 allows remote attackers to inject arbitrary HTTP headers and data via CRLF sequences in the HTTP_REFERER parameter.

Affected products

Masuga Design/Unobtrusive Ajax Star Rating Bar
cpe:2.3:a:masuga_design:unobtrusive_ajax_star_rating_bar:*:*:*:*:*:*:*:*
Range: <=1.1.9

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.cirt.net/advisories/unobtrusive_ajax_star_rating.shtmlnvdPatchVendor Advisory
secunia.com/advisories/25985nvdVendor Advisory
www.osvdb.org/35936nvd
www.securityfocus.com/bid/24840nvd
exchange.xforce.ibmcloud.com/vulnerabilities/35329nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000