CVE-2013-2652

Exp

CRLF injection vulnerability in help/help_language.php in WebCollab 3.30 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the item parameter.

Published: 2013-11-02 Last update: 2026-06-16 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2013-2652 is rated High Exploit Risk (63.2/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 2.53%). Core evidence: 2 public exploit reference(s) are indexed (Exploit-DB). EPSS rose +2.03% over the last day, indicating growing attacker interest. Mandatory action: Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2013-2652

EDB-ID Source Kind Published Link
nvd_ref exploit_tag Exploit-DB ↗
nvd_ref exploit_tag Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2013-2652

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 0.49% 2.53% +2.03%
2 2025-06-12 0.27% 0.49% +0.22%
3 2025-03-30 0.27%

Full EPSS history (10 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2013-2652

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
4.3 2.0 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:M)
Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:N)
No confidentiality impact.
Integrity impact (I:P)
Partial integrity impact.
Availability impact (A:N)
No availability impact.
8.6 2.9 [email protected]

Weakness enumeration for CVE-2013-2652

Affected software / configurations for CVE-2013-2652

Vendor Product Version Raw CPE
andrew_simpson webcollab <= 3.30 cpe:2.3:a:andrew_simpson:webcollab:*:*:*:*:*:*:*:*
andrew_simpson webcollab 1.3 cpe:2.3:a:andrew_simpson:webcollab:1.3:beta:*:*:*:*:*:*
andrew_simpson webcollab 1.30 cpe:2.3:a:andrew_simpson:webcollab:1.30:*:*:*:*:*:*:*
andrew_simpson webcollab 1.31 cpe:2.3:a:andrew_simpson:webcollab:1.31:*:*:*:*:*:*:*
andrew_simpson webcollab 1.32 cpe:2.3:a:andrew_simpson:webcollab:1.32:*:*:*:*:*:*:*
andrew_simpson webcollab 1.40 cpe:2.3:a:andrew_simpson:webcollab:1.40:*:*:*:*:*:*:*
andrew_simpson webcollab 1.41 cpe:2.3:a:andrew_simpson:webcollab:1.41:*:*:*:*:*:*:*
andrew_simpson webcollab 1.42 cpe:2.3:a:andrew_simpson:webcollab:1.42:*:*:*:*:*:*:*
andrew_simpson webcollab 1.50 cpe:2.3:a:andrew_simpson:webcollab:1.50:*:*:*:*:*:*:*
andrew_simpson webcollab 1.51 cpe:2.3:a:andrew_simpson:webcollab:1.51:*:*:*:*:*:*:*
andrew_simpson webcollab 1.60 cpe:2.3:a:andrew_simpson:webcollab:1.60:*:*:*:*:*:*:*
andrew_simpson webcollab 1.60a cpe:2.3:a:andrew_simpson:webcollab:1.60a:*:*:*:*:*:*:*
andrew_simpson webcollab 1.61 cpe:2.3:a:andrew_simpson:webcollab:1.61:*:*:*:*:*:*:*
andrew_simpson webcollab 1.62 cpe:2.3:a:andrew_simpson:webcollab:1.62:*:*:*:*:*:*:*
andrew_simpson webcollab 1.62a cpe:2.3:a:andrew_simpson:webcollab:1.62a:*:*:*:*:*:*:*
andrew_simpson webcollab 1.70 cpe:2.3:a:andrew_simpson:webcollab:1.70:*:*:*:*:*:*:*
andrew_simpson webcollab 1.71 cpe:2.3:a:andrew_simpson:webcollab:1.71:*:*:*:*:*:*:*
andrew_simpson webcollab 1.71a cpe:2.3:a:andrew_simpson:webcollab:1.71a:*:*:*:*:*:*:*
andrew_simpson webcollab 1.80 cpe:2.3:a:andrew_simpson:webcollab:1.80:*:*:*:*:*:*:*
andrew_simpson webcollab 1.81 cpe:2.3:a:andrew_simpson:webcollab:1.81:*:*:*:*:*:*:*
andrew_simpson webcollab 2.00 cpe:2.3:a:andrew_simpson:webcollab:2.00:*:*:*:*:*:*:*
andrew_simpson webcollab 2.01 cpe:2.3:a:andrew_simpson:webcollab:2.01:*:*:*:*:*:*:*
andrew_simpson webcollab 2.10 cpe:2.3:a:andrew_simpson:webcollab:2.10:*:*:*:*:*:*:*
andrew_simpson webcollab 2.11 cpe:2.3:a:andrew_simpson:webcollab:2.11:*:*:*:*:*:*:*
andrew_simpson webcollab 2.20 cpe:2.3:a:andrew_simpson:webcollab:2.20:*:*:*:*:*:*:*
andrew_simpson webcollab 2.30 cpe:2.3:a:andrew_simpson:webcollab:2.30:*:*:*:*:*:*:*
andrew_simpson webcollab 2.31 cpe:2.3:a:andrew_simpson:webcollab:2.31:*:*:*:*:*:*:*
andrew_simpson webcollab 2.40 cpe:2.3:a:andrew_simpson:webcollab:2.40:*:*:*:*:*:*:*
andrew_simpson webcollab 2.50 cpe:2.3:a:andrew_simpson:webcollab:2.50:*:*:*:*:*:*:*
andrew_simpson webcollab 2.60 cpe:2.3:a:andrew_simpson:webcollab:2.60:*:*:*:*:*:*:*
andrew_simpson webcollab 2.61 cpe:2.3:a:andrew_simpson:webcollab:2.61:*:*:*:*:*:*:*
andrew_simpson webcollab 2.70 cpe:2.3:a:andrew_simpson:webcollab:2.70:*:*:*:*:*:*:*
andrew_simpson webcollab 2.71 cpe:2.3:a:andrew_simpson:webcollab:2.71:*:*:*:*:*:*:*
andrew_simpson webcollab 3.00 cpe:2.3:a:andrew_simpson:webcollab:3.00:*:*:*:*:*:*:*
andrew_simpson webcollab 3.10 cpe:2.3:a:andrew_simpson:webcollab:3.10:*:*:*:*:*:*:*
andrew_simpson webcollab 3.20 cpe:2.3:a:andrew_simpson:webcollab:3.20:*:*:*:*:*:*:*
andrew_simpson webcollab 3.21 cpe:2.3:a:andrew_simpson:webcollab:3.21:*:*:*:*:*:*:*

References for CVE-2013-2652

cvelogic Threat Intelligence