Lyris List Manager <= 8.8a Multiple Vulnerabilities
High Nessus Network Monitor Plugin ID 3324
SynopsisThe remote host is vulnerable to multiple attack vectors.
DescriptionThe remote host is running Lyris List Manager, a mailing list manager. This version of Lyris is vulnerable to multiple flaws. There is a flaw in the way that Lyris handles SQL queries that an attacker could use to execute arbitrary commands on the backend database. There is a flaw that would allow an attacker to execute arbitrary commands with the permissions of the web server. Finally, there are several flaws that would allow an attacker to access information that was not intended for public consumption. An attacker exploiting these flaws would likely be able to access confidential data and tarnish the integrity of both the web server and the database.
SolutionUpgrade to a version higher than 8.8a.