Lucene search

[email protected]CVE-2005-4143

HistoryDec 10, 2005 - 11:03 a.m.

CVE-2005-4143

2005-12-1011:03:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-4143

lyris listmanager

sql injection

remote attackers

arbitrary commands

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.2%

JSON

SQL injection vulnerability in Lyris ListManager 5.0 through 8.9a allows remote attackers to execute arbitrary SQL commands via SQL code after a numeric argument to a /read/attachment URL.

CPENameOperatorVersion
lyris:list_managerlyris list managereq5.0
lyris:list_managerlyris list managereq7.0
lyris:list_managerlyris list managereq6.0
lyris:list_managerlyris list managereq8.0
lyris:list_managerlyris list managereq8.8a

CPE	Name	Operator	Version
lyris:list_manager	lyris list manager	eq	5.0
lyris:list_manager	lyris list manager	eq	7.0
lyris:list_manager	lyris list manager	eq	6.0
lyris:list_manager	lyris list manager	eq	8.0
lyris:list_manager	lyris list manager	eq	8.8a

References

archives.neohapsis.com/archives/fulldisclosure/2005-12/0349.html

metasploit.com/research/vulns/lyris_listmanager/

secunia.com/advisories/17943

www.osvdb.org/21548

www.securityfocus.com/archive/1/419077/100/0/threaded

www.securityfocus.com/bid/15787

www.vupen.com/english/advisories/2005/2820

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.2%

JSON

Related for CVE-2005-4143

nessus1