[原文]Lyris ListManager 8.8 through 8.9b allows remote attackers to obtain sensitive information by causing errors in TML scripts, such as via direct requests, which leaks the installation path, SQL queries, or product code in diagnostic messages.
Lyris ListManager TML Script Error Message Information Disclosure
Remote / Network Access
Loss of Confidentiality
Lyris ListManager contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker requests a TML script that generates an error. The resulting error page may contain diagnostic information such as the software version, installation path, SQL queries and more.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.