VYPR
Unrated severityNVD Advisory· Published Dec 10, 2005· Updated Jun 16, 2026

CVE-2005-4144

CVE-2005-4144

Description

Lyris ListManager 5.0 through 8.9a allows remote attackers to add "ORDER BY" columns to SQL queries via unusual whitespace characters in the orderby parameter, such as (1) newlines and (2) 0xFF (ASCII 255) characters, which are interpreted as whitespace.

Affected products

6
  • Lyris/Listmanager6 versions
    cpe:2.3:a:lyris:list_manager:5.0:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:a:lyris:list_manager:5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:lyris:list_manager:6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:lyris:list_manager:7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:lyris:list_manager:8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:lyris:list_manager:8.8a:*:*:*:*:*:*:*
    • (no CPE)range: >=5.0 <=8.9a

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.