7.5
CVE-2005-4144
- EPSS 1.76%
- Veröffentlicht 10.12.2005 11:03:00
- Zuletzt bearbeitet 16.06.2026 22:18:15
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginLyris ListManager 5.0 through 8.9a allows remote attackers to add "ORDER BY" columns to SQL queries via unusual whitespace characters in the orderby parameter, such as (1) newlines and (2) 0xFF (ASCII 255) characters, which are interpreted as whitespace.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Lyris ≫ List Manager Version5.0
Lyris ≫ List Manager Version6.0
Lyris ≫ List Manager Version7.0
Lyris ≫ List Manager Version8.0
Lyris ≫ List Manager Version8.8a
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.76% | 0.751 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0349.html
http://metasploit.com/research/vulns/lyris_listmanager/
http://secunia.com/advisories/17943
http://www.securityfocus.com/archive/1/419077/100/0/threaded
http://www.vupen.com/english/advisories/2005/2820
http://www.securityfocus.com/bid/15787
http://www.osvdb.org/21549