Описание
The web interface for subscribing new users in Lyris ListManager 5.0 through 8.8b, in combination with a line wrap feature, allows remote attackers to execute arbitrary list administration commands via LFCR (%0A%0D) sequences in the pw parameter. NOTE: it is not clear whether this is a variant of a CRLF injection vulnerability.
Ссылки
- Exploit
- PatchVendor Advisory
- Exploit
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:lyris_technologies_inc:listmanager:5.0:*:*:*:*:*:*:*
cpe:2.3:a:lyris_technologies_inc:listmanager:6.0:*:*:*:*:*:*:*
cpe:2.3:a:lyris_technologies_inc:listmanager:7.0:*:*:*:*:*:*:*
cpe:2.3:a:lyris_technologies_inc:listmanager:8.0:*:*:*:*:*:*:*
cpe:2.3:a:lyris_technologies_inc:listmanager:8.8a:*:*:*:*:*:*:*
EPSS
Процентиль: 83%
0.01867
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
The web interface for subscribing new users in Lyris ListManager 5.0 through 8.8b, in combination with a line wrap feature, allows remote attackers to execute arbitrary list administration commands via LFCR (%0A%0D) sequences in the pw parameter. NOTE: it is not clear whether this is a variant of a CRLF injection vulnerability.
EPSS
Процентиль: 83%
0.01867
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other