Vulnerabilities > CVE-2006-4547 - Unspecified vulnerability in Lyris List Manager 8.95
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Lyris ListManager 8.95 allows remote authenticated users to obtain sensitive information by attempting to add a user with a ' (single quote) character in the name, which reveals the details of the underlying SQL query, possibly because of a forced SQL error or SQL injection.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0817.html
- http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0817.html
- http://securityreason.com/securityalert/1502
- http://securityreason.com/securityalert/1502
- http://securitytracker.com/id?1016771
- http://securitytracker.com/id?1016771
- http://www.securityfocus.com/archive/1/444844/100/0/threaded
- http://www.securityfocus.com/archive/1/444844/100/0/threaded