Lyris : Security Vulnerabilities, CVEs, (Sql injection)
Lyris ListManager 8.95 allows remote authenticated users to obtain sensitive information by attempting to add a user with a ' (single quote) character in the name, which reveals the details of the underlying SQL query, possibly because of a forced SQL error or SQL injection.
Max CVSS
6.5
EPSS Score
0.13%
Published
2006-09-06
Updated
2018-10-17
SQL injection vulnerability in Lyris ListManager 5.0 through 8.9a allows remote attackers to execute arbitrary SQL commands via SQL code after a numeric argument to a /read/attachment URL.
Max CVSS
7.5
EPSS Score
0.97%
Published
2005-12-10
Updated
2018-10-19
2 vulnerabilities found