Rapid7 Vulnerability & Exploit Database

Lyris ListManager User Adding Security Bypass Vulnerability

Severity: 7
CVSS: (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Published: 08/31/2006
Created: 07/25/2018
Added: 03/21/2008
Modified: 02/13/2015

Description

Some versions of Lyris ListManager allow remote authenticated users, who have administrative privileges for at least one list on the server, to add new administrators to any list via a modified MEMBERS_.List_ parameter.

At least version 8.95 is vulnerable. Older 8.9 versions are probably vulnerable as well. The vulnerability is assumed to be fixed in version 8.95d; however, Lyris did not provide detailed fix information.

Solution(s)

  • listmanager-upgrade-8-95-d
