Moderate severityNVD Advisory· Published Aug 8, 2007· Updated Apr 23, 2026

CVE-2007-4190

Description

CRLF injection vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to inject arbitrary HTTP headers and probably conduct HTTP response splitting attacks via CRLF sequences in the url parameter. NOTE: this can be leveraged for cross-site scripting (XSS) attacks. NOTE: some of these details are obtained from third party information.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
joomla/applicationPackagist	< 1.0.13	1.0.13

Affected products

Joomla/Joomla!
cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*
Range: <1.0.13

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/26239nvdPatchVendor Advisory
www.joomla.org/content/view/3677/1/nvdVendor Advisory
www.vupen.com/english/advisories/2007/2719nvdThird Party Advisory
github.com/advisories/GHSA-h22q-g2c7-2jwjghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2007-4190ghsaADVISORY
osvdb.org/38739nvdBroken Link
web.archive.org/web/20071001212343/http://www.joomla.org/content/view/3677/1ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000