Lyris ListManager 8.5, and possibly other versions prior to 8.8, includes sensitive information in the env hidden variable, which allows remote malicious users to obtain information such as the installation path by requesting a non-existent page and reading the env variable from the resulting error message page.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
lyris technologies inc listmanager 5.0 |
||
lyris technologies inc listmanager 6.0 |
||
lyris technologies inc listmanager 7.0 |
||
lyris technologies inc listmanager 8.0 |
||
lyris technologies inc listmanager 8.8a |