cbcvebase.
CVE-2005-4142
published 2005-12-10

CVE-2005-4142: The web interface for subscribing new users in Lyris ListManager 5.0 through 8.8b, in combination with a line wrap feature, allows remote attackers to execute…

PriorityP434high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
3.01%
85.8th percentile
The web interface for subscribing new users in Lyris ListManager 5.0 through 8.8b, in combination with a line wrap feature, allows remote attackers to execute arbitrary list administration commands via LFCR (%0A%0D) sequences in the pw parameter. NOTE: it is not clear whether this is a variant of a CRLF injection vulnerability.

Affected

5 ranges
VendorProductVersion rangeFixed in
lyris_technologies_inclistmanager
lyris_technologies_inclistmanager
lyris_technologies_inclistmanager
lyris_technologies_inclistmanager
lyris_technologies_inclistmanager
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.