CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
47.5%
Lyris ListManager 8.95 allows remote authenticated users to obtain sensitive information by attempting to add a user with a ’ (single quote) character in the name, which reveals the details of the underlying SQL query, possibly because of a forced SQL error or SQL injection.
Vendor | Product | Version | CPE |
---|---|---|---|
lyris | list_manager | 8.95 | cpe:2.3:a:lyris:list_manager:8.95:*:*:*:*:*:*:* |