Versions 3 and 4 of the Lyris List Manager allow any mailing list subscriber to gain access to the administrative interface of that list by changing a form before submitting it. Fix available here.
Versions 3 and 4 of the Lyris List Manager allow any mailing list
subscriber to gain access to the administrative interface of that list.
After a user has logged in, they may modify the generated web page as
follows to gain access:
Save the html to disk, and add the full path to the server into the FORM
tag. This allows it to be submitted when loaded from disk. Next change
the value of
<INPUT TYPE="hidden" NAME="list_admin" VALUE="F">
to a "T". When the page is loaded back in the browser the user has
complete access to all list administrator functions.
Lyris has been notified, and a fix is available at
http://www.lyris.com/lm/lm_updates.html
-Adam
Note: I am not a representative of Lyris
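
The flaw described above is a server trusting a privilege flag that travels through the client in a hidden form field. The following is an added example, not Lyris code and not part of the original advisory: it contrasts that pattern with a check derived from server-side state, plus a simple tamper signal for logging. All names other than the `list_admin` field (the stores, functions, `session` and `list` fields, and addresses) are hypothetical.

```python
import secrets

# Constructed sample data: the server's own record of list administrators.
LIST_ADMINS = {"announce": {"owner@example.org"}}
SESSIONS = {}  # session token -> authenticated e-mail address


def login(email):
    """Issue an opaque session token bound to the authenticated subscriber."""
    token = secrets.token_urlsafe(16)
    SESSIONS[token] = email
    return token


def is_admin_vulnerable(form):
    """Flawed pattern: privilege is read from a client-controlled field."""
    return form.get("list_admin") == "T"


def is_admin_hardened(form):
    """Privilege comes only from server-side state; list_admin is ignored."""
    email = SESSIONS.get(form.get("session", ""))
    admins = LIST_ADMINS.get(form.get("list"), set())
    return email is not None and email in admins


def tamper_suspected(form):
    """Flag a request whose list_admin field claims more than the server grants."""
    return form.get("list_admin") == "T" and not is_admin_hardened(form)


if __name__ == "__main__":
    subscriber = login("subscriber@example.org")
    # Constructed request: an ordinary subscriber submits list_admin=T.
    request = {"session": subscriber, "list": "announce", "list_admin": "T"}
    print("vulnerable check grants admin:", is_admin_vulnerable(request))
    print("hardened check grants admin:  ", is_admin_hardened(request))
    print("log as suspected tampering:   ", tamper_suspected(request))
```
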