Lyris ListManager 8.5, and possibly other versions before 8.8, includes sensitive information in the env hidden variable, which allows remote attackers to obtain information such as the installation path by requesting a non-existent page and reading the env variable from the resulting error message page.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2005-12-10T11:00:00
Updated: 2024-08-07T23:38:50.289Z
Reserved: 2005-12-10T00:00:00
Link: CVE-2005-4148
Vulnrichment
No data.
NVD
Status : Modified
Published: 2005-12-10T11:03:00.000
Modified: 2018-10-19T15:40:26.877
Link: CVE-2005-4148
Redhat
No data.