Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Lyris List Manager <= 8.8a Multiple Vulnerabilities

High

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The remote host is running Lyris List Manager, a mailing list manager. This version of Lyris is vulnerable to multiple flaws. There is a flaw in the way that Lyris handles SQL queries that an attacker could use to execute arbitrary commands on the backend database. There is a flaw that would allow an attacker to execute arbitrary commands with the permissions of the web server. Finally, there are several flaws that would allow an attacker to access information that was not intended for public consumption. An attacker exploiting these flaws would likely be able to access confidential data and tarnish the integrity of both the web server and the database.

Solution

Upgrade to a version higher than 8.8a.