CVE-2011-4545 in Prestashop

Summary

by MITRE

CRLF injection vulnerability in admin/displayImage.php in Prestashop 1.4.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the name parameter.

Analysis

by VulDB Data Team • 01/11/2025

The CVE-2011-4545 vulnerability represents a critical CRLF injection flaw in the PrestaShop e-commerce platform version 1.4.4.1, specifically within the admin/displayImage.php script. This vulnerability falls under the CWE-113 category, which classifies improper neutralization of CRLF sequences in HTTP headers, making it a prime example of HTTP response splitting attacks. The flaw occurs when the application fails to properly sanitize user input passed through the name parameter, allowing malicious actors to inject carriage return and line feed characters that can manipulate HTTP response headers.

The technical execution of this vulnerability involves an attacker crafting a malicious payload containing CRLF sequences within the name parameter of the displayImage.php endpoint. When the application processes this input without proper validation, it incorporates these injected characters into HTTP headers, potentially enabling attackers to inject arbitrary headers or manipulate the response structure. This creates a dangerous condition where attackers can redirect users to malicious sites, steal session cookies, or inject malicious content into the HTTP response stream. The vulnerability specifically targets the admin interface, making it particularly dangerous as it could provide unauthorized access to administrative functions.

From an operational impact perspective, this vulnerability poses significant risks to PrestaShop installations as it enables attackers to perform HTTP response splitting attacks that can lead to session hijacking, cross-site scripting, and cache poisoning. The attack vector operates entirely through HTTP requests, making it accessible to remote threat actors without requiring physical access or elevated privileges. Security researchers have documented that such vulnerabilities in web application frameworks can result in complete system compromise, especially when combined with other attack vectors. The impact extends beyond simple header injection as it can facilitate more sophisticated attacks like man-in-the-middle scenarios where attackers can manipulate the entire HTTP response flow.

Mitigation strategies for CVE-2011-4545 should focus on immediate input validation and sanitization of all user-supplied data, particularly in administrative endpoints. The most effective approach involves implementing strict parameter validation that rejects or encodes CRLF characters in input fields before processing. Organizations should also consider implementing Content Security Policy headers and HTTP response header sanitization mechanisms to prevent header injection attacks. Additionally, the vulnerability demonstrates the importance of regular security updates and patch management, as PrestaShop 1.4.4.1 was vulnerable to this issue and subsequent versions addressed the problem through proper input validation. The ATT&CK framework categorizes this type of vulnerability under T1566 - Phishing and T1071.1 - Application Layer Protocol: Web Protocols, highlighting its potential for social engineering and web-based attack execution. Organizations should also implement web application firewalls and monitor for unusual HTTP header patterns that might indicate exploitation attempts.
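
The monitoring step above can be sketched as a log check. This is an added example, not code from PrestaShop or VulDB: it assumes combined-format web server access logs, the function names are hypothetical, and the sample log lines are constructed. It flags requests to displayImage.php whose name parameter decodes to CR or LF, including nested percent-encoding.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
TARGET_SCRIPT = "/displayImage.php"   # script named in the advisory
TARGET_PARAM = "name"                 # parameter named in the advisory
MAX_DECODE_ROUNDS = 3                 # assumption: covers double/triple encoding


def contains_crlf(value: str) -> bool:
    """True if value holds CR or LF, raw or under nested percent-encoding."""
    for _ in range(MAX_DECODE_ROUNDS):
        if "\r" in value or "\n" in value:
            return True
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return "\r" in value or "\n" in value


def flag_requests(log_lines):
    """Return (line_number, raw_target) for suspicious displayImage.php hits."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not target.path.endswith(TARGET_SCRIPT):
            continue
        # parse_qsl performs the first round of percent-decoding.
        for key, value in parse_qsl(target.query, keep_blank_values=True):
            if key == TARGET_PARAM and contains_crlf(value):
                hits.append((number, match.group(1)))
                break
    return hits


# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2012:10:00:00 +0000] "GET /admin/displayImage.php?name=invoice.jpg HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2012:10:00:05 +0000] "GET /admin/displayImage.php?name=a.jpg%0d%0aX-Test:%201 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2012:10:00:09 +0000] "GET /admin/displayImage.php?name=a.jpg%250d%250aX-Test HTTP/1.1" 200 5120',
    '192.0.2.77 - - [01/Jan/2012:10:00:12 +0000] "GET /index.php?name=a%0d%0ab HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for number, target in flag_requests(SAMPLE_LOG):
        print(f"line {number}: {target}")
```

The same `contains_crlf` test can serve as a reject-on-match input check before a value is placed in a response header.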
