Arbitrary Command Execution via Line Wrap in Lyris ListManager Web Interface
CVE-2005-4142 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
The web interface for subscribing new users in Lyris ListManager 5.0 through 8.8b, in combination with a line wrap feature, allows remote attackers to execute arbitrary list administration commands via LFCR (%0A%0D) sequences in the pw parameter. NOTE: it is not clear whether this is a variant of a CRLF injection vulnerability.
Learn more about our Web App Pen Testing.