CVE-2005-4144 - Lyris ListManager 5.0 through 8.9a allows remote attackers to add "ORDER BY" columns to SQL queries

CVE-2005-4144

Summary

Lyris ListManager 5.0 through 8.9a allows remote attackers to add "ORDER BY" columns to SQL queries via unusual whitespace characters in the orderby parameter, such as (1) newlines and (2) 0xFF (ASCII 255) characters, which are interpreted as whitespace.

References

Vulnerable Configurations

cpe:2.3:a:lyris:list_manager:5.0:*:*:*:*:*:*:*
cpe:2.3:a:lyris:list_manager:5.0:*:*:*:*:*:*:*
cpe:2.3:a:lyris:list_manager:6.0:*:*:*:*:*:*:*
cpe:2.3:a:lyris:list_manager:6.0:*:*:*:*:*:*:*
cpe:2.3:a:lyris:list_manager:7.0:*:*:*:*:*:*:*
cpe:2.3:a:lyris:list_manager:7.0:*:*:*:*:*:*:*
cpe:2.3:a:lyris:list_manager:8.0:*:*:*:*:*:*:*
cpe:2.3:a:lyris:list_manager:8.0:*:*:*:*:*:*:*
cpe:2.3:a:lyris:list_manager:8.8a:*:*:*:*:*:*:*
cpe:2.3:a:lyris:list_manager:8.8a:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 19-10-2018 - 15:40)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	15787
bugtraq	20051209 PGP Wipe Free Space, Lyris ListManager Flaws, Windows Timestamps, Sam Juicer
fulldisc	20051208 PGP Wipe Free Space, Lyris ListManager Flaws, Windows Timestamps, Sam Juicer
misc	http://metasploit.com/research/vulns/lyris_listmanager/
osvdb	21549
secunia	17943
vupen	ADV-2005-2820

Last major update

19-10-2018 - 15:40

Published

10-12-2005 - 11:03

Last modified

19-10-2018 - 15:40