Rapid7 Vulnerability & Exploit Database

Lyris ListManager SQL Injection in Username


Severity
7
CVSS
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
Published
08/31/2006
Created
07/25/2018
Added
03/21/2008
Modified
07/31/2012

Description

Some versions of Lyris ListManager allow remote authenticated users to obtain sensitive information by attempting to add a user with a ' (single quote) character in the name, which reveals the details of the underlying SQL query, possibly because of a forced SQL error or SQL injection.

At least version 8.95 is vulnerable, and older 8.9 releases are probably vulnerable as well. The issue is assumed to be fixed in version 8.95d; however, Lyris did not provide detailed fix information, so the upgrade should be verified by resubmitting a user name containing a single quote and confirming that no database error text is returned.
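The failure mode described above, a single quote in a user name breaking out of an SQL string literal and the resulting database error echoing the query back to the caller, reduces to one coding pattern: building the INSERT by string concatenation. The following is an added illustration written for this page, not Lyris ListManager's code; the `members` table, the column names and the probe input `O'Brien` are constructed assumptions, and SQLite stands in for whatever database the product used. It runs the concatenated variant next to the parameterised one so the difference in what the caller learns is visible.

```python
import sqlite3


def _fresh_db():
    """In-memory SQLite database with a constructed 'members' table.

    The schema is an assumption for illustration only; it is not the
    real ListManager schema.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE members (name TEXT NOT NULL, email TEXT NOT NULL)")
    return conn


def add_user_vulnerable(conn, name, email):
    """Build the INSERT by string concatenation (the pattern the advisory describes).

    A single quote inside `name` terminates the string literal early and the
    rest of the name is parsed as SQL.  Returns (ok, message); on failure the
    message carries the driver error together with the statement text, which
    is exactly the kind of detail an application must not show a web user.
    """
    sql = "INSERT INTO members (name, email) VALUES ('" + name + "', '" + email + "')"
    try:
        conn.execute(sql)
        conn.commit()
        return True, "added"
    except sqlite3.Error as exc:
        # Echoing this back reveals the query structure to the attacker.
        return False, f"database error: {exc} -- while running: {sql}"


def add_user_fixed(conn, name, email):
    """Parameterised form: values travel separately from the statement text.

    A quote in the name is stored as data, and any error that does occur is
    reported generically (log the detail server-side instead).
    """
    try:
        conn.execute("INSERT INTO members (name, email) VALUES (?, ?)", (name, email))
        conn.commit()
        return True, "added"
    except sqlite3.Error:
        return False, "database error"


def demo():
    """Run both variants against the constructed probe input and return the outcomes."""
    probe_name = "O'Brien"  # constructed probe: a single quote in the user name
    email = "obrien@example.com"  # constructed value
    vuln_conn, fixed_conn = _fresh_db(), _fresh_db()
    vuln_ok, vuln_msg = add_user_vulnerable(vuln_conn, probe_name, email)
    fixed_ok, fixed_msg = add_user_fixed(fixed_conn, probe_name, email)
    stored = fixed_conn.execute("SELECT name FROM members").fetchone()[0]
    return {
        "vulnerable_ok": vuln_ok,
        "vulnerable_msg": vuln_msg,
        "fixed_ok": fixed_ok,
        "fixed_msg": fixed_msg,
        "stored_name": stored,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running it shows the concatenated variant rejecting `O'Brien` with a syntax error whose text includes the full INSERT statement, while the parameterised variant stores the name unchanged and returns only "added". When re-testing a patched install, the check is the same as the probe here: submit a name with a single quote and confirm the application neither fails nor reveals any part of its query.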

Solution(s)

  • listmanager-upgrade-8-95-d
