Vulnerability Details CVE-2006-4547
Lyris ListManager 8.95 allows remote authenticated users to obtain sensitive information by attempting to add a user with a ' (single quote) character in the name, which reveals the details of the underlying SQL query, possibly because of a forced SQL error or SQL injection.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.6%
CVSS Severity
CVSS v2 Score 6.5
References
- http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0817.html
- http://securityreason.com/securityalert/1502
- http://securitytracker.com/id?1016771
- http://www.securityfocus.com/archive/1/444844/100/0/threaded
- http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0817.html
- http://securityreason.com/securityalert/1502
- http://securitytracker.com/id?1016771
- http://www.securityfocus.com/archive/1/444844/100/0/threaded
Products affected by CVE-2006-4547
-
cpe:2.3:a:lyris:list_manager:8.95