Unrated severityNVD Advisory· Published Dec 10, 2005· Updated Jun 16, 2026
CVE-2005-4144
CVE-2005-4144
Description
Lyris ListManager 5.0 through 8.9a allows remote attackers to add "ORDER BY" columns to SQL queries via unusual whitespace characters in the orderby parameter, such as (1) newlines and (2) 0xFF (ASCII 255) characters, which are interpreted as whitespace.
Affected products
6cpe:2.3:a:lyris:list_manager:5.0:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:lyris:list_manager:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:lyris:list_manager:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:lyris:list_manager:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:lyris:list_manager:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:lyris:list_manager:8.8a:*:*:*:*:*:*:*
- (no CPE)range: >=5.0 <=8.9a
Patches
Vulnerability mechanics
References
7- secunia.com/advisories/17943nvdPatchVendor Advisory
- www.osvdb.org/21549nvdPatch
- www.securityfocus.com/bid/15787nvdPatch
- metasploit.com/research/vulns/lyris_listmanager/nvdVendor Advisory
- archives.neohapsis.com/archives/fulldisclosure/2005-12/0349.htmlnvd
- www.securityfocus.com/archive/1/419077/100/0/threadednvd
- www.vupen.com/english/advisories/2005/2820nvd
News mentions
0No linked articles in our index yet.