CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2005-4144

Lyris ListManager 5.0 through 8.9a allows remote attackers to add "ORDER BY" columns to SQL queries via unusual whitespace characters in the orderby parameter, such as (1) newlines and (2) 0xFF (ASCII 255) characters, which are interpreted as whitespace.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.012

EPSS Ranking 78.1%

CVSS Severity

CVSS v2 Score 7.5

References

http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0349.html
http://metasploit.com/research/vulns/lyris_listmanager/
http://secunia.com/advisories/17943
http://www.osvdb.org/21549
http://www.securityfocus.com/archive/1/419077/100/0/threaded
http://www.securityfocus.com/bid/15787
http://www.vupen.com/english/advisories/2005/2820
http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0349.html
http://metasploit.com/research/vulns/lyris_listmanager/
http://secunia.com/advisories/17943
http://www.osvdb.org/21549
http://www.securityfocus.com/archive/1/419077/100/0/threaded
http://www.securityfocus.com/bid/15787
http://www.vupen.com/english/advisories/2005/2820

Products affected by CVE-2005-4144

Lyris » List Manager » Version: 5.0

cpe:2.3:a:lyris:list_manager:5.0
Lyris » List Manager » Version: 6.0

cpe:2.3:a:lyris:list_manager:6.0
Lyris » List Manager » Version: 7.0

cpe:2.3:a:lyris:list_manager:7.0
Lyris » List Manager » Version: 8.0

cpe:2.3:a:lyris:list_manager:8.0
Lyris » List Manager » Version: 8.8a

cpe:2.3:a:lyris:list_manager:8.8a

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2005-4144

Products

Pricing

Contact Us