PT-2005-4841 · Lyris · Lyris Listmanager
Published: 2005-12-10 · Updated: 2018-10-19 · CVE-2005-4142
CVSS v2.0: 7.5 (High)
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Lyris ListManager versions 5.0 through 8.8b
Description
The issue affects the web interface for subscribing new users. In combination with a line wrap feature, it allows remote attackers to execute arbitrary list administration commands by using LFCR (%0A%0D) sequences in the pw parameter.
Recommendations
For Lyris ListManager versions 5.0 through 8.8b, consider restricting access to the web interface for subscribing new users until a fix is available. As a temporary workaround, avoid using the pw parameter in the affected web interface to minimize the risk of exploitation.
Exploit
Fix
Related identifiers
Affected products
Lyris Listmanager
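Detection sketch for the pw parameter issue described above, added here as an example and not taken from the advisory or from Lyris: it scans web access-log lines for requests whose pw value contains CR or LF after URL-decoding, including double-encoded forms. The /subscribe path, the log format and all sample values are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed access-log lines; the /subscribe path and field values are
# assumptions for illustration, not taken from the advisory.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Dec/2005:10:00:01 +0000] "GET /subscribe?email=a%40example.org&pw=hunter2 HTTP/1.1" 200 512',
    '198.51.100.9 - - [10/Dec/2005:10:00:05 +0000] "GET /subscribe?email=b%40example.org&pw=x%0A%0Dextra-line HTTP/1.1" 200 512',
    '198.51.100.9 - - [10/Dec/2005:10:00:09 +0000] "GET /subscribe?email=c%40example.org&pw=x%250A%250Dextra-line HTTP/1.1" 200 512',
    '198.51.100.3 - - [10/Dec/2005:10:00:12 +0000] "GET /subscribe?email=d%0A%40example.org&pw=ok HTTP/1.1" 200 512',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
LINE_BREAK_RE = re.compile(r"[\r\n]")
MAX_DECODE_ROUNDS = 3  # also catches double and triple percent-encoding


def has_line_break(value: str) -> bool:
    """True if value contains CR or LF, directly or after repeated URL-decoding."""
    for _ in range(MAX_DECODE_ROUNDS):
        if LINE_BREAK_RE.search(value):
            return True
        decoded = unquote_plus(value)
        if decoded == value:  # nothing left to decode
            break
        value = decoded
    return bool(LINE_BREAK_RE.search(value))


def suspicious_requests(lines, param="pw"):
    """Return (line_number, request_target) for requests whose param holds CR/LF."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = match.group(1)
        # parse_qsl decodes each value once; has_line_break handles extra layers.
        for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            if name == param and has_line_break(value):
                hits.append((number, target))
                break
    return hits


if __name__ == "__main__":
    for number, target in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: {target}")
```

Access logs normally record only the query string, so for forms submitted by POST the same has_line_break check would have to run on the decoded form fields at a proxy or filter in front of the application.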