CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
91.3%
The web interface for subscribing new users in Lyris ListManager 5.0 through 8.8b, in combination with a line wrap feature, allows remote attackers to execute arbitrary list administration commands via LFCR (%0A%0D) sequences in the pw parameter. NOTE: it is not clear whether this is a variant of a CRLF injection vulnerability.
Vendor | Product | Version | CPE |
---|---|---|---|
lyris_technologies_inc | listmanager | 5.0 | cpe:2.3:a:lyris_technologies_inc:listmanager:5.0:*:*:*:*:*:*:* |
lyris_technologies_inc | listmanager | 6.0 | cpe:2.3:a:lyris_technologies_inc:listmanager:6.0:*:*:*:*:*:*:* |
lyris_technologies_inc | listmanager | 7.0 | cpe:2.3:a:lyris_technologies_inc:listmanager:7.0:*:*:*:*:*:*:* |
lyris_technologies_inc | listmanager | 8.0 | cpe:2.3:a:lyris_technologies_inc:listmanager:8.0:*:*:*:*:*:*:* |
lyris_technologies_inc | listmanager | 8.8a | cpe:2.3:a:lyris_technologies_inc:listmanager:8.8a:*:*:*:*:*:*:* |