VYPR
Unrated severityNVD Advisory· Published Dec 10, 2005· Updated Jun 16, 2026

CVE-2005-4148

CVE-2005-4148

Description

Lyris ListManager 8.5, and possibly other versions before 8.8, includes sensitive information in the env hidden variable, which allows remote attackers to obtain information such as the installation path by requesting a non-existent page and reading the env variable from the resulting error message page.

Affected products

6
  • Lyris/Listmanager6 versions
    cpe:2.3:a:lyris_technologies_inc:listmanager:5.0:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:a:lyris_technologies_inc:listmanager:5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:lyris_technologies_inc:listmanager:6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:lyris_technologies_inc:listmanager:7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:lyris_technologies_inc:listmanager:8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:lyris_technologies_inc:listmanager:8.8a:*:*:*:*:*:*:*
    • (no CPE)range: <8.8

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.