Vulnerabilities > CVE-2006-4547 - SQL-Injection vulnerability in Lyris List Manager 8.95
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Lyris ListManager 8.95 allows remote authenticated users to obtain sensitive information by attempting to add a user with a ' (single quote) character in the name, which reveals the details of the underlying SQL query, possibly because of a forced SQL error or SQL injection.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |