CVE-2005-4148

medium

Description

Lyris ListManager 8.5, and possibly other versions before 8.8, includes sensitive information in the env hidden variable, which allows remote attackers to obtain information such as the installation path by requesting a non-existent page and reading the env variable from the resulting error message page.

References

http://www.vupen.com/english/advisories/2005/2820

http://www.securityfocus.com/bid/15789

http://www.securityfocus.com/archive/1/419077/100/0/threaded

http://secunia.com/advisories/17943

http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0349.html

Details

Source: Mitre, NVD

Published: 2005-12-10

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Severity: Medium